Infected - Random ads pop up in both IE and Mozilla

This topic is locked. 43 replies to this topic.

#1 caddie444 (Members, 36 posts)

Posted 15 December 2009 - 04:29 PM

Hello all,

Brand new to the forum; I've been having problems recently with both browsers (IE and Mozilla). I had been infected with "Security Tool" and performed a system restore recently. The program disappeared, but then I started having random ads pop up in my browsers and do not know how to fix the problem. Any help is greatly appreciated. :(

Caddie444



DDS File:


DDS (Ver_09-12-01.01) - NTFSx86
Run by matt at 13:07:06.22 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2199 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro Internet Security *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox1.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\matt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ncix.com
uDefault_Page_URL = hxxp://www.ncix.com
mDefault_Page_URL = hxxp://www.ncix.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [EasyTuneV] c:\program files\gigabyte\et5\ETcall.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [RegistryMonitor1] "c:\windows\temp\xxkt.tmp\svchost.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\dsnhy55m.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-2-15 141840]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-26 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-2-15 234512]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-9-30 33792]
R3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2007-10-3 19776]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-10-5 16896]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-8-4 488768]
S4 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-8-4 648456]

=============== Created Last 30 ================

2009-12-15 20:48:36 0 d-----w- c:\program files\TrendMicro
2009-12-15 17:29:03 0 d-sh--w- C:\found.002
2009-12-15 06:21:07 0 d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2009-12-15 06:21:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 06:21:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 06:21:02 0 d-----w- c:\programdata\Malwarebytes
2009-12-15 06:21:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 06:12:52 65536 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TM.blf
2009-12-15 06:12:52 524288 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000002.regtrans-ms
2009-12-15 06:12:52 524288 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000001.regtrans-ms
2009-12-09 21:24:00 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 4
2009-12-09 11:02:11 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 11:02:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 11:02:10 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:01:01 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:00:24 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 23:00:24 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 22:16:33 0 d-----w- c:\programdata\Lavasoft
2009-12-07 22:16:33 0 d-----w- c:\program files\Lavasoft
2009-12-07 21:15:45 0 d-----w- c:\users\matt\appdata\roaming\QuickScan
2009-12-07 20:44:15 0 d-----w- c:\programdata\34d8166
2009-11-25 11:00:50 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:40:38 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:40:37 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 07:40:35 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-15 06:10:38 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-07-03 10:23:56 174 --sha-w- c:\program files\desktop.ini
2009-07-03 10:22:42 86016 ----a-w- c:\windows\inf\infstor.dat
2009-07-03 10:22:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-07-03 10:22:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-07-03 10:16:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:08:03.68 ===============

#2 Shannon2012 (Security Colleague, 3,657 posts; Location: North Carolina, USA)

Posted 28 December 2009 - 12:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Shannon

#3 caddie444 (Topic Starter; Members, 36 posts)

Posted 28 December 2009 - 03:41 PM

Hi Shannon, thanks for the reply!

There has been one change since my last post: random ads are still popping up when I am trying to click links on Google, but something else is also happening. When I am randomly surfing the web, a separate window will pop up with 5 tabs, which include some nonsensical web domains and the link to my c:\windows\system32 file.

Here is the DDS file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by matt at 12:29:44.76 on Mon 12/28/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2306 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro Internet Security *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\qtplugin.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Users\matt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ncix.com
uDefault_Page_URL = hxxp://www.ncix.com
mDefault_Page_URL = hxxp://www.ncix.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [RegistryMonitor1] "c:\windows\system32\qtplugin.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [EasyTuneV] c:\program files\gigabyte\et5\ETcall.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RegistryMonitor1] c:\windows\system32\qtplugin.exe
dRun: [RegistryMonitor1] "c:\windows\temp\uqhe.tmp\svchost.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: crash_report - {495FE683-6249-4A05-8D1A-8F7CD8DF5A6D} - c:\windows\system32\crash_report.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\dsnhy55m.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-2-15 141840]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-26 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-2-15 234512]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-9-30 33792]
R3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2007-10-3 19776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-10-5 16896]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-8-4 488768]
S4 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-8-4 648456]

=============== Created Last 30 ================

2009-12-25 22:17:20 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-25 22:17:20 1409 ----a-w- c:\windows\QTFont.for
2009-12-23 08:35:28 110166 ----a-w- c:\users\matt\rosechristmaspiano.cpr
2009-12-23 07:05:49 165583 ----a-w- c:\users\matt\rosechristmaspart2-01.cpr
2009-12-23 06:12:45 207725 ----a-w- c:\users\matt\rosechristmaspart2.cpr
2009-12-23 06:07:10 102233 ----a-w- c:\users\matt\roshechristmasWpizz.cpr
2009-12-23 00:49:20 264610 ----a-w- c:\users\matt\rosechristmas.cpr
2009-12-20 13:15:42 489984 ----a-w- c:\windows\system32\qtplugin.exe
2009-12-17 04:01:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 03:53:38 0 d-----w- c:\program files\Microsoft
2009-12-16 03:02:14 0 d-----w- c:\users\matt\appdata\roaming\mIRC
2009-12-15 20:48:36 0 d-----w- c:\program files\TrendMicro
2009-12-15 17:29:03 0 d-sh--w- C:\found.002
2009-12-15 06:21:07 0 d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2009-12-15 06:21:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 06:21:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 06:21:02 0 d-----w- c:\programdata\Malwarebytes
2009-12-15 06:21:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 06:12:52 65536 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TM.blf
2009-12-15 06:12:52 524288 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000002.regtrans-ms
2009-12-15 06:12:52 524288 --sha-w- c:\users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000001.regtrans-ms
2009-12-11 09:37:56 536576 ----a-w- c:\windows\system32\crash_report.dll
2009-12-09 21:24:00 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 4
2009-12-09 11:02:11 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 11:02:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 11:02:10 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:01:01 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:00:24 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 23:00:24 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 22:16:33 0 d-----w- c:\programdata\Lavasoft
2009-12-07 22:16:33 0 d-----w- c:\program files\Lavasoft
2009-12-07 21:15:45 0 d-----w- c:\users\matt\appdata\roaming\QuickScan
2009-12-07 20:44:15 0 d-----w- c:\programdata\34d8166

==================== Find3M ====================

2009-12-21 00:03:22 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-03 10:23:56 174 --sha-w- c:\program files\desktop.ini
2009-07-03 10:22:42 86016 ----a-w- c:\windows\inf\infstor.dat
2009-07-03 10:22:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-07-03 10:22:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-07-03 10:16:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:31:02.97 ===============

Attached is the Attach.txt file

thanks again


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:43 AM

Posted 28 December 2009 - 10:42 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push Run Scan
  • A report will open. Copy and Paste that report in your next reply.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

Download LockSearch by jpshortstuff to your desktop
  • A window will pop up. Press 2 and then Enter.
  • A scan will start, let it run uninterrupted.
  • It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop.
  • Post the contents of the log in your reply
==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* LockSearch log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 caddie444

caddie444
  • Topic Starter

  • Members
  • 36 posts
  • Local time:05:43 AM

Posted 29 December 2009 - 12:37 AM

Hi Thcbytes and thanks in advance for the assistance!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


I just want to clarify the above quote. Do you want me to completely disable all anti-malware and antivirus programs that I have on my computer? Even Windows Defender, Windows Firewall, etc.? Or do you just mean you want me to only use the programs that you specify to handle the situation?

Thank you for the clarification, hope the holidays are treating you well!

Caddie444

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:43 AM

Posted 29 December 2009 - 10:36 AM

Hello,
I do not want you doing things other than what I specifically recommend. In regards to disabling antivirus software I will specifically instruct you in that regard when the time comes. So for now just run the programs I have recommended and do not disable anything unless I specifically instruct you to do so.
Thanks,
~ t

#7 caddie444

caddie444
  • Topic Starter

  • Members
  • 36 posts
  • Local time:05:43 AM

Posted 29 December 2009 - 05:52 PM

OTL.txt:

OTL logfile created on: 12/29/2009 12:59:10 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 36.87 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/29 12:57:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2009/12/22 21:10:12 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/12/20 05:15:35 | 00,489,984 | ---- | M] () -- C:\Windows\System32\qtplugin.exe
PRC - [2009/12/19 09:15:52 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
PRC - [2009/12/16 20:01:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/25 10:58:02 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2008/12/25 10:57:54 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/19 06:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 02:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/01/18 23:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/07/03 11:32:16 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/06/11 15:01:24 | 00,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007/05/10 15:52:00 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTXFIHLP.EXE
PRC - [2007/05/10 15:51:56 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTHELPER.EXE
PRC - [2007/05/10 15:48:30 | 00,966,144 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTXFISPI.EXE
PRC - [2007/04/22 23:51:42 | 04,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/16 18:22:00 | 00,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/02/05 15:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/01/15 15:18:46 | 00,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2007/01/03 19:38:44 | 00,207,680 | ---- | M] () -- C:\Program Files\Gigabyte\ET5\GUI.exe
PRC - [2006/11/21 17:08:52 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2006/04/10 13:24:20 | 00,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/29 12:57:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2008/01/18 23:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/05/10 15:51:56 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/12/22 21:10:12 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/14 02:58:40 | 00,488,768 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/04/14 02:58:04 | 00,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/03/25 15:24:59 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/31 16:03:08 | 00,648,456 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/12/25 10:58:02 | 00,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/12/25 10:57:54 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/09/19 02:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/02/15 22:39:30 | 00,333,064 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/18 23:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 13:10:54 | 00,504,104 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/03 11:32:16 | 00,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/06/11 15:01:24 | 00,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/03/16 18:22:00 | 00,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Driver Services (SafeList) ==========

DRV - [2009/04/02 15:00:12 | 00,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 15:00:08 | 00,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 15:00:00 | 00,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 22:39:32 | 00,234,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2008/02/15 22:39:32 | 00,141,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2008/02/15 22:39:32 | 00,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/10/14 15:52:24 | 00,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/03 20:21:07 | 00,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/09/27 09:20:00 | 00,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.05\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007/09/11 21:28:00 | 07,623,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/03 11:33:04 | 00,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007/05/11 10:28:46 | 01,163,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2007/05/11 10:28:30 | 00,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/05/11 10:28:10 | 00,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/05/11 10:27:56 | 00,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/05/11 10:27:48 | 00,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/05/11 10:27:16 | 00,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/05/11 10:27:00 | 00,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/05/11 10:26:46 | 00,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/05/11 10:23:02 | 00,073,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/05/11 10:22:40 | 00,170,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/05/11 10:22:24 | 01,323,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTEXFIFX.dll -- (CTEXFIFX.DLL)
DRV - [2007/05/11 10:21:56 | 00,329,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/05/11 10:21:44 | 00,134,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/05/11 10:21:34 | 00,101,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/05/11 10:21:24 | 00,286,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/05/11 10:21:10 | 00,174,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\cteapsfx.dll -- (CTEAPSFX.DLL)
DRV - [2007/05/11 10:21:00 | 00,566,568 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ctsblfx.dll -- (CTSBLFX.DLL)
DRV - [2007/05/11 10:20:48 | 00,552,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ctaudfx.dll -- (CTAUDFX.DLL)
DRV - [2007/05/11 10:20:34 | 00,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\commonfx.dll -- (COMMONFX.DLL)
DRV - [2007/04/23 02:13:22 | 01,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/12 16:35:10 | 00,016,080 | ---- | M] (EnTech Taiwan) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2007/03/05 05:28:00 | 00,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/02/15 18:27:10 | 00,044,928 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/02/13 09:35:52 | 00,012,544 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2007/02/13 09:35:52 | 00,012,544 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2007/01/12 17:34:48 | 00,019,776 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Gigabyte\ET5\MARKFUN.W32 -- (MarkFun_NT)
DRV - [2006/11/24 13:47:50 | 00,040,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2006/11/07 23:02:40 | 00,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/16 09:24:00 | 00,022,208 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBMN1X1.SYS -- (USBMN1X1)
DRV - [2006/08/16 09:24:00 | 00,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB11LDR.SYS -- (USB11LDR)
DRV - [2006/02/07 03:52:58 | 00,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/11/03 06:40:07 | 00,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/05/09 19:08:40 | 00,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/03/30 10:12:38 | 00,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/10/25 19:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Entech.sys -- (ENTECH)
DRV - [2003/11/28 18:34:40 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2002/11/25 04:46:16 | 00,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ncix.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ncix.com
IE - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ncix.com
IE - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\S-1-5-21-2886563637-569150799-3104011590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 22:55:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 22:55:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2009/12/19 09:15:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2009/12/19 09:15:52 | 00,000,000 | ---D | M]

[2008/09/29 20:17:16 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\mozilla\Extensions
[2009/12/28 12:32:21 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\mozilla\Firefox\Profiles\dsnhy55m.default\extensions
[2009/12/23 09:01:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/07 12:44:38 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RegistryMonitor1] C:\Windows\System32\qtplugin.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [RegistryMonitor1] C:\Windows\TEMP\uqhe.tmp\svchost.exe File not found
O4 - HKU\S-1-5-18..\Run: [RegistryMonitor1] C:\Windows\TEMP\uqhe.tmp\svchost.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2886563637-569150799-3104011590-1000..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-2886563637-569150799-3104011590-1000..\Run: [RegistryMonitor1] C:\Windows\System32\qtplugin.exe ()
O4 - HKU\S-1-5-21-2886563637-569150799-3104011590-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2886563637-569150799-3104011590-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: crash_report - {495FE683-6249-4A05-8D1A-8F7CD8DF5A6D} - C:\Windows\System32\crash_report.dll ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b74e53b-7008-11dd-9a81-001a4d516664}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/03 02:16:54 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: UfSeAgnt.exe - hkey= - key= - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: msdvdr - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: msdvdr - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: midi2 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi4 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi5 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi6 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi7 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi8 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: midi9 - C:\Windows\System32\USBMN1X1.DLL (M-Audio)
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2009/12/29 12:57:38 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2009/12/16 20:01:57 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/16 20:01:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/16 20:01:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/16 20:01:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/16 19:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/15 19:02:14 | 00,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\mIRC
[2009/12/15 13:09:32 | 00,472,064 | ---- | C] ( ) -- C:\Users\matt\Desktop\RootRepeal.exe
[2009/12/15 12:48:36 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/15 09:29:03 | 00,000,000 | -HSD | C] -- C:\found.002
[2009/12/14 22:21:07 | 00,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2009/12/14 22:21:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/14 22:21:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/14 22:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/14 22:21:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/10 01:56:26 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/12/09 14:13:29 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 14:13:28 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 14:13:28 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 14:13:28 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 14:13:28 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 14:13:28 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 14:13:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 14:13:28 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 14:13:27 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 14:13:27 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 14:13:27 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 14:13:27 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 14:13:27 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 14:13:27 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/09 14:11:41 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/12/09 14:11:41 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/12/09 14:11:41 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/12/09 14:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/12/09 14:11:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/12/09 14:11:41 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/12/09 14:11:41 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/12/09 14:11:40 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/12/09 14:11:40 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/12/09 14:11:40 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/12/09 14:11:40 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/12/09 14:11:40 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/12/09 14:11:40 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/12/09 14:11:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/12/09 14:11:40 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/12/09 14:11:40 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/12/09 14:11:39 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/12/09 14:11:39 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/12/09 14:11:39 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/12/09 14:11:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/12/09 14:11:39 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/12/09 14:11:38 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/12/09 14:11:38 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/12/09 14:11:38 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/12/09 14:11:38 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/12/09 14:11:38 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/12/09 14:11:38 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/12/09 14:11:38 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/12/09 13:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.6 Beta 4
[2009/12/09 03:02:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 03:02:10 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/08 15:00:24 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/08 15:00:24 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/08 14:47:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/07 14:16:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/07 14:16:33 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/07 13:15:45 | 00,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\QuickScan
[2009/12/07 12:44:15 | 00,000,000 | ---D | C] -- C:\ProgramData\34d8166
[2009/12/06 21:49:00 | 00,000,000 | ---D | C] -- C:\Users\matt\Desktop\PC 1 M2
[2009/11/29 17:23:38 | 00,000,000 | ---D | C] -- C:\Users\matt\Documents\cook
[2007/05/10 15:52:28 | 00,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[19 C:\Users\matt\Documents\*.tmp files -> C:\Users\matt\Documents\*.tmp -> ]
[14 C:\Users\matt\Desktop\*.tmp files -> C:\Users\matt\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/29 13:00:26 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{85503DF5-F2A0-45B8-BA2E-4AF874F482F5}.job
[2009/12/29 12:58:12 | 04,718,592 | -HS- | M] () -- C:\Users\matt\ntuser.dat
[2009/12/29 12:58:01 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/29 12:58:01 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/29 12:57:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2009/12/28 22:09:37 | 00,002,531 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to HoldemManager.exe.lnk
[2009/12/28 21:52:26 | 00,135,497 | ---- | M] () -- C:\Users\matt\Desktop\session1.JPG
[2009/12/28 11:04:34 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 11:04:34 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/28 11:04:34 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/28 11:00:40 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/28 11:00:32 | 00,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 11:00:32 | 00,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TM.blf
[2009/12/28 10:58:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/28 10:57:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/28 10:57:55 | 34,880,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 10:57:03 | 00,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/12/28 10:57:03 | 00,055,104 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/12/28 10:57:03 | 00,055,104 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/12/28 10:57:03 | 00,001,072 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2009/12/28 10:57:03 | 00,001,072 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2009/12/28 10:56:30 | 03,143,823 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
[2009/12/25 14:17:20 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/12/25 14:17:20 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/12/23 17:25:32 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/23 01:07:43 | 02,854,693 | ---- | M] () -- C:\Users\matt\Desktop\ROSEFINAL02.mp3
[2009/12/23 01:05:57 | 31,399,244 | ---- | M] () -- C:\Users\matt\Desktop\ROSEFINAL02.wav
[2009/12/23 01:00:39 | 04,008,564 | ---- | M] () -- C:\Users\matt\Desktop\ROSEPIANOCHRISTMAS.wav
[2009/12/23 00:58:38 | 30,309,888 | ---- | M] () -- C:\Users\matt\Desktop\ROSECHRISTMASFINAL.wav
[2009/12/23 00:58:04 | 00,110,166 | ---- | M] () -- C:\Users\matt\rosechristmaspiano.cpr
[2009/12/23 00:26:10 | 00,207,725 | ---- | M] () -- C:\Users\matt\rosechristmaspart2.cpr
[2009/12/23 00:26:04 | 26,625,736 | ---- | M] () -- C:\Users\matt\Desktop\roasecwithoutpiano.wav
[2009/12/22 23:05:49 | 00,165,583 | ---- | M] () -- C:\Users\matt\rosechristmaspart2-01.cpr
[2009/12/22 22:07:10 | 00,102,233 | ---- | M] () -- C:\Users\matt\roshechristmasWpizz.cpr
[2009/12/22 22:07:03 | 17,992,844 | ---- | M] () -- C:\Users\matt\Desktop\rosechristmas2.wav
[2009/12/22 21:58:54 | 00,264,610 | ---- | M] () -- C:\Users\matt\rosechristmas.cpr
[2009/12/22 21:57:07 | 17,698,920 | ---- | M] () -- C:\Users\matt\Desktop\rosechristmas1.wav
[2009/12/22 21:10:23 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/20 05:15:35 | 00,489,984 | ---- | M] () -- C:\Windows\System32\qtplugin.exe
[2009/12/17 23:01:01 | 00,113,152 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 20:01:43 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/16 20:01:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/16 20:01:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/16 20:01:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/15 23:48:26 | 00,122,051 | ---- | M] () -- C:\Users\matt\Desktop\25nl.JPG
[2009/12/15 23:46:30 | 00,111,807 | ---- | M] () -- C:\Users\matt\Desktop\NL10.JPG
[2009/12/15 23:45:49 | 00,089,145 | ---- | M] () -- C:\Users\matt\Desktop\SNG GARph.JPG
[2009/12/15 13:09:33 | 00,472,064 | ---- | M] ( ) -- C:\Users\matt\Desktop\RootRepeal.exe
[2009/12/15 13:06:12 | 00,524,288 | ---- | M] () -- C:\Users\matt\Desktop\dds.scr
[2009/12/15 12:48:36 | 00,001,944 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2009/12/14 22:36:13 | 00,001,733 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/14 22:30:17 | 00,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000002.regtrans-ms
[2009/12/14 22:21:05 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 22:10:41 | 04,718,592 | -HS- | M] () -- C:\Users\matt\ntuser.dat_previous
[2009/12/14 22:10:37 | 00,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 22:10:37 | 00,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/14 18:07:33 | 00,028,672 | ---- | M] () -- C:\Users\matt\Documents\MATTSFINALREFLECTIONAQ.doc
[2009/12/11 01:37:56 | 00,536,576 | ---- | M] () -- C:\Windows\System32\crash_report.dll
[2009/12/09 13:24:03 | 00,001,827 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 3.6 Beta 4.lnk
[2009/12/09 10:25:31 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/08 17:57:09 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/07 21:14:17 | 01,130,532 | ---- | M] () -- C:\Users\matt\Documents\clip0018.avi
[2009/12/07 21:12:44 | 00,452,220 | ---- | M] () -- C:\Users\matt\Documents\clip0017.avi
[2009/12/07 21:11:58 | 00,458,824 | ---- | M] () -- C:\Users\matt\Documents\clip0016.avi
[2009/12/07 21:11:02 | 00,484,832 | ---- | M] () -- C:\Users\matt\Documents\clip0015.avi
[2009/12/07 14:45:33 | 00,000,917 | ---- | M] () -- C:\Users\matt\Desktop\Syncro TruEmu Team H2O.lnk
[2009/12/07 13:09:41 | 00,000,036 | ---- | M] () -- C:\Users\matt\AppData\Local\housecall.guid.cache
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/29 18:18:49 | 45,698,0992 | ---- | M] () -- C:\Users\matt\Documents\mattcooking_0004.avi
[19 C:\Users\matt\Documents\*.tmp files -> C:\Users\matt\Documents\*.tmp -> ]
[14 C:\Users\matt\Desktop\*.tmp files -> C:\Users\matt\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 21:52:24 | 00,135,497 | ---- | C] () -- C:\Users\matt\Desktop\session1.JPG
[2009/12/25 14:17:20 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/12/25 14:17:20 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/12/23 17:25:32 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/23 01:07:32 | 02,854,693 | ---- | C] () -- C:\Users\matt\Desktop\ROSEFINAL02.mp3
[2009/12/23 01:05:52 | 31,399,244 | ---- | C] () -- C:\Users\matt\Desktop\ROSEFINAL02.wav
[2009/12/23 01:00:37 | 04,008,564 | ---- | C] () -- C:\Users\matt\Desktop\ROSEPIANOCHRISTMAS.wav
[2009/12/23 00:58:31 | 30,309,888 | ---- | C] () -- C:\Users\matt\Desktop\ROSECHRISTMASFINAL.wav
[2009/12/23 00:35:28 | 00,110,166 | ---- | C] () -- C:\Users\matt\rosechristmaspiano.cpr
[2009/12/23 00:25:47 | 26,625,736 | ---- | C] () -- C:\Users\matt\Desktop\roasecwithoutpiano.wav
[2009/12/22 23:05:49 | 00,165,583 | ---- | C] () -- C:\Users\matt\rosechristmaspart2-01.cpr
[2009/12/22 22:12:45 | 00,207,725 | ---- | C] () -- C:\Users\matt\rosechristmaspart2.cpr
[2009/12/22 22:07:10 | 00,102,233 | ---- | C] () -- C:\Users\matt\roshechristmasWpizz.cpr
[2009/12/22 22:06:56 | 17,992,844 | ---- | C] () -- C:\Users\matt\Desktop\rosechristmas2.wav
[2009/12/22 21:56:53 | 17,698,920 | ---- | C] () -- C:\Users\matt\Desktop\rosechristmas1.wav
[2009/12/22 21:10:23 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/22 16:49:20 | 00,264,610 | ---- | C] () -- C:\Users\matt\rosechristmas.cpr
[2009/12/20 05:15:42 | 00,489,984 | ---- | C] () -- C:\Windows\System32\qtplugin.exe
[2009/12/15 23:48:24 | 00,122,051 | ---- | C] () -- C:\Users\matt\Desktop\25nl.JPG
[2009/12/15 23:46:28 | 00,111,807 | ---- | C] () -- C:\Users\matt\Desktop\NL10.JPG
[2009/12/15 23:45:46 | 00,089,145 | ---- | C] () -- C:\Users\matt\Desktop\SNG GARph.JPG
[2009/12/15 13:06:11 | 00,524,288 | ---- | C] () -- C:\Users\matt\Desktop\dds.scr
[2009/12/15 12:48:36 | 00,001,944 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2009/12/15 09:31:29 | 34,880,79872 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/14 22:21:05 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 22:12:52 | 00,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000002.regtrans-ms
[2009/12/14 22:12:52 | 00,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 22:12:52 | 00,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{0b6a174c-e93d-11de-a37b-001a4d516664}.TM.blf
[2009/12/14 14:16:28 | 00,028,672 | ---- | C] () -- C:\Users\matt\Documents\MATTSFINALREFLECTIONAQ.doc
[2009/12/11 01:37:56 | 00,536,576 | ---- | C] () -- C:\Windows\System32\crash_report.dll
[2009/12/09 14:13:27 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/12/09 13:24:03 | 00,001,827 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 3.6 Beta 4.lnk
[2009/12/09 03:23:11 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/07 21:13:05 | 01,130,532 | ---- | C] () -- C:\Users\matt\Documents\clip0018.avi
[2009/12/07 21:12:40 | 00,452,220 | ---- | C] () -- C:\Users\matt\Documents\clip0017.avi
[2009/12/07 21:11:55 | 00,458,824 | ---- | C] () -- C:\Users\matt\Documents\clip0016.avi
[2009/12/07 21:10:59 | 00,484,832 | ---- | C] () -- C:\Users\matt\Documents\clip0015.avi
[2009/12/07 14:45:33 | 00,000,917 | ---- | C] () -- C:\Users\matt\Desktop\Syncro TruEmu Team H2O.lnk
[2009/12/07 13:09:41 | 00,000,036 | ---- | C] () -- C:\Users\matt\AppData\Local\housecall.guid.cache
[2009/11/29 18:17:29 | 45,698,0992 | ---- | C] () -- C:\Users\matt\Documents\mattcooking_0004.avi
[2009/05/26 13:55:54 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2009/05/22 18:03:22 | 00,000,019 | ---- | C] () -- C:\Windows\wp.ini
[2009/05/22 10:59:44 | 00,002,303 | ---- | C] () -- C:\Windows\wp2.ini
[2009/04/13 19:10:52 | 00,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/01/04 12:32:37 | 00,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008/12/25 10:58:27 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/25 10:58:27 | 00,022,328 | ---- | C] () -- C:\Users\matt\AppData\Roaming\PnkBstrK.sys
[2008/10/01 17:42:20 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/12/21 02:34:16 | 00,024,575 | ---- | C] () -- C:\Windows\System32\Bwinsysmwappio61.dll
[2007/12/12 20:45:04 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/12/12 20:45:04 | 00,059,392 | ---- | C] () -- C:\Windows\System32\espr3260.dll
[2007/12/12 20:45:03 | 01,036,800 | ---- | C] () -- C:\Windows\System32\libmpeg-1.0.0.dll
[2007/12/12 20:45:03 | 00,987,136 | ---- | C] () -- C:\Windows\System32\liboggvorbis-1.0.0.dll
[2007/12/12 20:45:03 | 00,225,792 | ---- | C] () -- C:\Windows\System32\libmpg-dec-1.0.7.dll
[2007/12/12 20:45:03 | 00,209,920 | ---- | C] () -- C:\Windows\System32\libmpg-dec-1.0.4.dll
[2007/12/12 20:45:03 | 00,128,512 | ---- | C] () -- C:\Windows\System32\libmpa-enc-1.0.3.dll
[2007/12/12 20:45:03 | 00,126,976 | ---- | C] () -- C:\Windows\System32\MPEGWriter.dll
[2007/12/12 20:45:03 | 00,069,120 | ---- | C] () -- C:\Windows\System32\libmpv-enc-1.2.5.dll
[2007/12/12 20:45:03 | 00,069,120 | ---- | C] () -- C:\Windows\System32\libmpeg2-enc-1.2.5.dll
[2007/12/12 20:45:03 | 00,058,880 | ---- | C] () -- C:\Windows\System32\libmpg-mux-2.0.2.dll
[2007/12/12 20:45:03 | 00,056,320 | ---- | C] () -- C:\Windows\System32\libmpv-enc-1.2.4.dll
[2007/12/12 20:45:03 | 00,050,176 | ---- | C] () -- C:\Windows\System32\libmpg-mux-2.0.1.dll
[2007/12/12 20:45:03 | 00,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.1.1.dll
[2007/12/12 20:45:03 | 00,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.1.0.dll
[2007/12/12 20:45:02 | 00,696,832 | ---- | C] () -- C:\Windows\System32\libmcl-2.8.0.dll
[2007/12/12 20:45:02 | 00,696,320 | ---- | C] () -- C:\Windows\System32\libmcl-2.7.2.dll
[2007/12/12 20:45:02 | 00,675,840 | ---- | C] () -- C:\Windows\System32\libmcl-2.7.1.dll
[2007/12/12 20:45:02 | 00,669,184 | ---- | C] () -- C:\Windows\System32\libmcl-2.7.0.dll
[2007/12/12 20:45:02 | 00,666,112 | ---- | C] () -- C:\Windows\System32\libmcl-2.6.1.dll
[2007/12/12 20:45:02 | 00,427,008 | ---- | C] () -- C:\Windows\System32\libimg-2.2.9.dll
[2007/12/12 20:45:02 | 00,400,384 | ---- | C] () -- C:\Windows\System32\libimg-2.2.8.dll
[2007/12/12 20:45:02 | 00,208,896 | ---- | C] () -- C:\Windows\System32\libmpg-dec-1.0.3.dll
[2007/12/12 20:45:02 | 00,116,224 | ---- | C] () -- C:\Windows\System32\libmpa-enc-1.0.2.dll
[2007/11/08 06:04:49 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/10/18 21:34:50 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/14 15:52:24 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007/09/28 00:14:02 | 00,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007/09/28 00:14:01 | 00,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/09/28 00:14:01 | 00,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/09/27 14:14:20 | 00,113,152 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/21 12:23:12 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2007/09/21 11:28:00 | 00,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/05/10 16:15:00 | 00,098,170 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/05/10 16:15:00 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/05/10 15:53:22 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007/03/12 11:01:30 | 00,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2005/10/04 22:28:12 | 00,071,680 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL

========== LOP Check ==========

[2008/01/13 01:05:08 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Bioshock
[2007/09/28 11:40:35 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Cakewalk
[2009/05/08 09:19:28 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\LimeWire
[2008/05/24 12:42:17 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/04/03 20:11:55 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\postgresql
[2009/12/07 13:17:16 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\QuickScan
[2009/07/06 22:54:57 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3 Demo
[2007/10/04 16:04:32 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smart Recorder
[2007/09/30 00:44:07 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Steinberg
[2008/05/24 11:46:31 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SystemRequirementsLab
[2009/12/03 17:57:00 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2009/12/09 10:25:31 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/28 10:56:49 | 00,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/29 13:00:26 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{85503DF5-F2A0-45B8-BA2E-4AF874F482F5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008/11/14 18:46:24 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Adobe
[2007/10/05 14:37:36 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Apple Computer
[2008/01/13 01:05:08 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Bioshock
[2007/09/28 11:40:35 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Cakewalk
[2007/10/04 01:51:38 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DivX
[2009/12/28 23:12:17 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\dvdcss
[2008/08/12 15:23:37 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Google
[2007/09/28 10:47:12 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Help
[2007/09/28 11:40:36 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Identities
[2007/09/27 14:19:11 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\InstallShield
[2007/11/02 15:31:22 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\InstallShield Installation Information
[2009/05/08 09:19:28 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\LimeWire
[2007/09/27 18:59:38 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Macromedia
[2009/12/14 22:21:07 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2006/11/02 04:37:34 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Media Center Programs
[2008/05/15 20:20:45 | 00,000,000 | --SD | M] -- C:\Users\matt\AppData\Roaming\Microsoft
[2009/12/15 19:08:40 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\mIRC
[2008/09/29 20:17:16 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Mozilla
[2008/05/24 12:42:17 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/04/03 20:11:55 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\postgresql
[2009/12/07 13:17:16 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\QuickScan
[2008/03/20 11:56:59 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Real
[2009/07/06 22:54:57 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3 Demo
[2008/02/20 06:14:09 | 00,000,000 | RH-D | M] -- C:\Users\matt\AppData\Roaming\SecuROM
[2007/10/04 16:04:32 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smart Recorder
[2007/09/30 00:44:07 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Steinberg
[2008/05/24 11:46:31 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SystemRequirementsLab
[2007/09/27 18:21:07 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Talkback
[2009/12/03 17:57:00 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2007/10/30 23:27:12 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\vlc
[2007/10/02 22:58:15 | 00,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2007/11/02 15:26:24 | 00,331,776 | ---- | M] (Epic Games ) -- C:\Users\matt\AppData\Roaming\InstallShield Installation Information\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\setup.exe
[2009/12/15 12:48:36 | 00,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2007/09/30 01:14:55 | 00,139,102 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{2D390654-EBA1-4EB4-A53D-B631CD44F4E0}\ARPPRODUCTICON.exe
[2007/09/30 01:14:55 | 00,139,102 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{2D390654-EBA1-4EB4-A53D-B631CD44F4E0}\LostPlanetDX10.exe_2D390654EBA14EB4A53DB631CD44F4E0.exe
[2007/09/30 01:14:55 | 00,139,102 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{2D390654-EBA1-4EB4-A53D-B631CD44F4E0}\LostPlanetDX10.exe_2D390654EBA14EB4A53DB631CD44F4E0_1.exe
[2008/05/15 19:45:50 | 00,010,134 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{B42362C5-4EA8-4261-9B85-071AC05F12D4}\ARPPRODUCTICON.exe
[2008/05/15 19:45:50 | 00,001,078 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{B42362C5-4EA8-4261-9B85-071AC05F12D4}\PokerClock.exe_9FEE77012307401093025D246B9B3C12.exe
[2008/05/15 19:45:50 | 00,008,854 | R--- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Installer\{B42362C5-4EA8-4261-9B85-071AC05F12D4}\UNINST_Uninstall_P_B7D76AAD833F44668728A6C2C6A1C980.exe
[2009/04/02 12:38:21 | 00,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\matt\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
[2009/04/02 12:38:21 | 00,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\matt\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe

< %SYSTEMDRIVE%\*.exe >
[2001/11/05 09:30:50 | 00,165,376 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/12/20 16:03:22 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 03:04:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:04:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:04:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\matt\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CFFB598
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:75F70307
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B0A96209
< End of report >

Extras.txt:

OTL Extras logfile created on: 12/29/2009 12:59:10 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 36.87 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75D19098-8E6A-4274-BD05-F5DFD8C05E8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8CA9A7F-6C2E-44B4-B53E-53E151689FEB}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0926425B-AAD0-4B82-9E0B-77CCF3E1D147}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{0A6F701C-6A2A-4DEB-9ED9-D704B57DDCD0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{1C1A58B2-4725-41FA-BECD-279D0843072F}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{2DBCDA03-5967-435C-98C8-DFA98B7D87EB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{3E815331-09C2-49CA-8B93-DD34E9C89297}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{40282BC8-3DCB-424E-A42A-D23FC072BC2C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{4C28591A-878C-48D6-AC7F-748C8106D569}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4CF0B23E-FF79-48B4-81E9-35687B7CA524}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5F06561D-24F0-410B-98CE-0E5A7D0E8833}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{688A781D-3468-4231-A3E1-8AB30E5D5A5A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{798C080A-E967-4878-8CE6-148D6F9263B7}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{79DC0DA3-1B6B-4202-9B72-2FEB7DD6F26F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7CF0790D-D319-4F09-A50E-01929F2D631E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{7DBDF66E-F313-41E4-B1A5-4A06CA0F1310}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8ABAC59E-A45B-46C5-A446-0776A8A4DF92}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8D17A626-E319-4DFB-8E60-FA98A3920BB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9099ADDB-F212-4D94-BADE-2C4109A76158}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9BEF95E7-3FE1-4405-BFE0-5103712D6428}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A3274DA6-81E3-47EA-B3D7-C9608EA78FBF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A9139ECA-69A8-43E5-A544-5E7DD962EDB5}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B2E84BBF-EC1F-423B-A90D-95F39873D870}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{B32484EA-9234-4A7F-A693-95EE609254A5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C809F6E1-2182-41E4-A117-533CED1999AC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{D539564F-ABA2-4C39-BA23-9A2DE7E60156}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F7E9BB90-3D55-434D-B4FC-48BDD48896D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8215C9F-EDBA-4CCC-A17D-0AE64D0E9E8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0450F0EC-A34E-4144-89DF-6CB76D6AC31B}C:\program files\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |
"TCP Query User{084B27C5-E94C-41A2-AA3C-3B52C479A4EE}C:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"TCP Query User{0D9C62FC-C384-4AD3-B361-F03617DB4CA1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1BDFC731-3463-4016-8063-8FB0714FD824}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{4AD70E7C-4732-41EF-A2C4-B6D33C282E8A}C:\users\matt\appdata\local\temp\temp1_lostplanettrialdx10patch.zip\lost_planet_trial_dx10\lostplanetdx10.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\temp1_lostplanettrialdx10patch.zip\lost_planet_trial_dx10\lostplanetdx10.exe |
"TCP Query User{5BAEB368-CEE4-4F30-932F-E19A3F2F12BB}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{79996E0F-0CC4-414F-871E-800EFA47B1C8}C:\users\matt\desktop\installer-6037-19-wavelab-5-english.exe" = protocol=6 | dir=in | app=c:\users\matt\desktop\installer-6037-19-wavelab-5-english.exe |
"TCP Query User{7E27E450-C493-49B6-8008-E5B22F6F5520}C:\program files\gigabyte\@bios\update.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\update.exe |
"TCP Query User{7EAC4659-3C8B-4680-AA1E-A7A0EED8D16D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{98829FAB-C815-45F8-A510-3217532207B5}C:\program files\capcom\lost_planet_trial_dx10\lostplanetdx10.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx10\lostplanetdx10.exe |
"TCP Query User{9AED4C23-E65D-4579-8EDF-9A308BB5CC64}C:\users\matt\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\matt\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe |
"TCP Query User{DBCBA59A-587C-4A81-9CDF-BAD610E28765}C:\program files\mozilla firefox\firefox1.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox1.exe |
"TCP Query User{DD577E1C-6FED-4107-8572-929ED95D3041}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{E2F853E4-379C-49A4-8649-4E90E12C5AB3}C:\program files\gigabyte\et5\update.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\et5\update.exe |
"TCP Query User{E852FC95-B642-4A89-A931-19977C974FA2}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{0B052F4B-2B92-4B8C-94E2-54357500C53D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2C9413F2-9C10-4BB6-9E2B-3D8654FA2BAC}C:\program files\gigabyte\@bios\update.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\update.exe |
"UDP Query User{5FD73E53-6251-4DE2-984B-501DC107FDF8}C:\program files\mozilla firefox\firefox1.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox1.exe |
"UDP Query User{6E6190BB-8B65-4357-BB9B-EECDD266EE18}C:\program files\gigabyte\et5\update.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\et5\update.exe |
"UDP Query User{809596C3-3765-460C-B022-D1A9B4FB47F6}C:\users\matt\desktop\installer-6037-19-wavelab-5-english.exe" = protocol=17 | dir=in | app=c:\users\matt\desktop\installer-6037-19-wavelab-5-english.exe |
"UDP Query User{8F19B31E-21C5-4409-9EAE-5425442BD77C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{91780342-23F4-49F4-9DF7-FA99D61CA506}C:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"UDP Query User{BE725471-CDBC-4B1A-9235-BB35C73778DB}C:\users\matt\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\matt\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe |
"UDP Query User{D3265367-3F92-491E-A81D-B4CEFF54338E}C:\users\matt\appdata\local\temp\temp1_lostplanettrialdx10patch.zip\lost_planet_trial_dx10\lostplanetdx10.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\temp1_lostplanettrialdx10patch.zip\lost_planet_trial_dx10\lostplanetdx10.exe |
"UDP Query User{D5F32DE4-452E-4BEB-9AA1-4D0F831EA010}C:\program files\capcom\lost_planet_trial_dx10\lostplanetdx10.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx10\lostplanetdx10.exe |
"UDP Query User{D7DB9F01-FBDE-4B56-9552-2C76BC614628}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{E5406160-31A8-4822-BECC-F2FB8F29BD56}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EA34BD94-3014-4E6B-BC68-E50C04A15437}C:\program files\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |
"UDP Query User{EDADC4CB-0CA7-4A5F-BC19-CC8546DA10C2}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{F12B1B8F-3EFA-4350-B5F3-7BC969F9009E}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2D390654-EBA1-4EB4-A53D-B631CD44F4E0}" = LOST PLANET TRIAL DX10
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{36BBA884-C697-48B6-B496-5F329215E249}" = BioShock Demo
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2FE392-0C1F-49C7-9B9C-C198C3F6F495}" = PokerEV
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B42362C5-4EA8-4261-9B85-071AC05F12D4}" = Poker Clock
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C93EA771-A601-4DC4-8042-F4C046A3EECB}" = Need for Speed™ ProStreet Demo
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B07.0509.01
"{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ambience Reverb, Personal Orchestra Edition_is1" = Ambience Personal Orchestra Edition
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio Console
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"CCleaner" = CCleaner (remove only)
"Computer Alarm Clock" = Computer Alarm Clock
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Cubasis VST 4" = Cubasis VST 4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doom 3 ™ Demo" = Doom 3 ™ Demo
"East West Boesendorfer 290" = East West Boesendorfer 290
"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition
"EasyTune5" = EasyTune5
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"EphPod" = EphPod
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"FormatFactory" = FormatFactory 1.70
"Fx MPEG Writer" = Fx MPEG Writer
"Garritan Personal Orchestra" = Garritan Personal Orchestra
"Google Updater" = Google Updater
"Hollywood Poker Tournament Director's Poker Clock" = Hollywood Poker Tournament Director's Poker Clock
"HyperCam 2" = HyperCam 2
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 4.18.8
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemSet_is1" = MemSet 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Firefox (3.6b5)" = Mozilla Firefox (3.6b5)
"MP3 WAV Studio v6.6x" = MP3 WAV Studio v6.6x
"MPEG Converter" = MPEG Converter
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Overture SE 3.5" = Overture SE 3.5
"Poker Tracker Version 2.17.03d_is1" = Poker Tracker Version 2.17.03d
"PokerRoom.com" = PokerRoom.com (remove only)
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Recover Data for FAT & NTFS_is1" = Recover Data for FAT & NTFS
"RivaTuner" = RivaTuner v2.05
"Smart Recorder" = Creative Smart Recorder
"SnG Power Tools_is1" = SnG Power Tools v1.22
"Starcraft" = Starcraft
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SystemRequirementsLab" = System Requirements Lab
"The Tournament Director 2.0" = The Tournament Director 2
"Victor Chandler" = Victor Chandler
"Vienna SoundFont Studio" = Creative Vienna SoundFont Studio
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WaveStudio 7" = Creative WaveStudio 7
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinCustomize Browser" = WinCustomize Browser
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2886563637-569150799-3104011590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 13:49:17
Windows 6.0.6001 Service Pack 1
Running: qc24ctkr.exe; Driver: C:\Users\matt\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

SSDT 88F2BFA0 ZwCreateKey
SSDT 88F2B1E0 ZwCreateProcess
SSDT 88F2B4A0 ZwCreateProcessEx
SSDT 88F2CE00 ZwCreateThread
SSDT 88F2C520 ZwDeleteKey
SSDT 88F2C7E0 ZwDeleteValueKey
SSDT 88F2D140 ZwLoadDriver
SSDT 88F2BA20 ZwOpenProcess
SSDT 88F2C260 ZwSetValueKey
SSDT 88F2BCE0 ZwTerminateProcess
SSDT 88F2CC60 ZwWriteVirtualMemory
SSDT 88F2CFA0 ZwCreateThreadEx
SSDT 88F2B760 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 41C 820BC9E0 4 Bytes [A0, BF, F2, 88]
.text ntkrnlpa.exe!KeSetTimerEx + 43C 820BCA00 8 Bytes [E0, B1, F2, 88, A0, B4, F2, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 454 820BCA18 4 Bytes [00, CE, F2, 88]
.text ntkrnlpa.exe!KeSetTimerEx + 508 820BCACC 4 Bytes [20, C5, F2, 88]
.text ntkrnlpa.exe!KeSetTimerEx + 514 820BCAD8 4 Bytes [E0, C7, F2, 88]
.text ...
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82683024]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA0F340, 0x35AB87, 0xE8000020]
.text USBPORT.SYS!DllUnload 82F5B46F 5 Bytes JMP 86BC91C8
.text alqdcc61.SYS 8F64E000 22 Bytes [26, 42, 3C, 82, 10, 41, 3C, ...]
.text alqdcc61.SYS 8F64E017 67 Bytes [00, 32, 57, 78, 80, 3D, 55, ...]
.text alqdcc61.SYS 8F64E05B 113 Bytes [82, A1, 66, 04, 82, 58, 6D, ...]
.text alqdcc61.SYS 8F64E0CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text alqdcc61.SYS 8F64E118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[904] ole32.dll!CoCreateInstance 76A2E188 5 Bytes JMP 001F000A
.text C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe[4064] ntdll.dll!LdrLoadDll 76E17933 5 Bytes JMP 00BF13F0 C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069261E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80692748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80691B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80691C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A729A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\alqdcc61.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73E088B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73E498A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73E0B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73DFFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73E07A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73DFEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E3B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73E0BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73E0074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73E006B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73DF71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73E8D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73E27379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73DFE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73DF697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73DF69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73E02465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73E088B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73E498A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73E0B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73DFFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73E07A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73DFEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E3B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73E0BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73E0074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73E006B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73DF71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73E8D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73E27379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73DFE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73DF697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73DF69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73E02465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85AF81E8
Device \Driver\volmgr \Device\VolMgrControl 85AF41E8
Device \Driver\usbuhci \Device\USBPDO-0 8698D1E8
Device \Driver\usbuhci \Device\USBPDO-1 8698D1E8
Device \Driver\usbuhci \Device\USBPDO-2 8698D1E8
Device \Driver\usbehci \Device\USBPDO-3 86BB4790
Device \Driver\usbuhci \Device\USBPDO-4 8698D1E8

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 8698D1E8
Device \Driver\usbuhci \Device\USBPDO-6 8698D1E8
Device \Driver\volmgr \Device\HarddiskVolume1 85AF41E8
Device \Driver\usbehci \Device\USBPDO-7 86BB4790
Device \Driver\cdrom \Device\CdRom0 86BB2530
Device \Driver\cdrom \Device\CdRom1 86BB2530
Device \Driver\atapi \Device\Ide\IdePort0 85AF61E8
Device \Driver\atapi \Device\Ide\IdePort1 85AF61E8
Device \Driver\atapi \Device\Ide\IdePort2 85AF61E8
Device \Driver\atapi \Device\Ide\IdePort3 85AF61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85AF61E8
Device \Driver\PCI_NTPNP0087 \Device\00000067 sptd.sys
Device \Driver\netbt \Device\NetBt_Wins_Export 88647790
Device \Driver\iScsiPrt \Device\RaidPort0 86D6F1E8

AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8698D1E8
Device \Driver\usbuhci \Device\USBFDO-1 8698D1E8
Device \Driver\usbuhci \Device\USBFDO-2 8698D1E8
Device \Driver\usbehci \Device\USBFDO-3 86BB4790
Device \Driver\usbuhci \Device\USBFDO-4 8698D1E8
Device \Driver\usbuhci \Device\USBFDO-5 8698D1E8
Device \Driver\usbuhci \Device\USBFDO-6 8698D1E8
Device \Driver\usbehci \Device\USBFDO-7 86BB4790
Device \Driver\alqdcc61 \Device\Scsi\alqdcc611Port6Path0Target0Lun0 86BCA1E8
Device \Driver\alqdcc61 \Device\Scsi\alqdcc611 86BCA1E8
Device \Driver\JRAID \Device\Scsi\JRAID1 85AF71E8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85BB9618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xF5 0x6E 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x98 0x0C 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x58 0x3B 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xF5 0x6E 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x98 0x0C 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x58 0x3B 0x94 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Oberon Media\Links Course Challenge \x2013 Chateau Whistler\Uninstall.exe 1

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Locksearch.txt:

LockSearch by jpshortstuff (05.11.09.1)
Log created at 14:22 on 29/12/2009 (matt)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------


C:\Windows\System32\drivers\sptd.sys
-------------------------
C:\Windows\System32\drivers\sptd.sys [Unable to get md5 : 685816 bytes]

-=E.O.F=-



I also attached the files to this post

Caddie444



#8 thcbytes (Malware Response Team, 14,790 posts)

Posted 29 December 2009 - 10:35 PM

Well done. :(

Please note...

Many of the programs will require you to right click and run as Admin due to your Vista OS.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Limewire
uTorrent


The possible portal to your infection!!

Additional instructions can be found here if needed.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Re-run Gmer and post a log.

==========

With your next post please provide:

* Combofix.txt
* Gmer log
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 caddie444 (Topic Starter, 36 posts)

Posted 30 December 2009 - 03:38 AM

Ran ComboFix; unfortunately it did not solve the problem. Ads are still appearing when I use Google and click on any of the search results.



#10 thcbytes (Malware Response Team, 14,790 posts)

Posted 30 December 2009 - 11:53 AM

Yes. I see the specific infection in your logs and was hopeful that Combofix would fix it. It did not. We will need to fix it manually.

Do you have your Vista install disc?
Please copy and paste all logs into your replies.

Try this first...
  • Select the Start button
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
    copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter.
    • When successful, you should get this message within the Command Prompt: "1 file(s) copied"
      NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
==========


Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Right click and run as Admin on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    C:\atapi.sys | C:\Windows\System32\drivers\atapi.sys
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========

Re-run Gmer and post a log

==========

With your next post please provide:

* Answer to disc question
* Please copy and paste the logs
* Avenger log
* Gmer log
* How is it running now?

Kind regards,
~t
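
The helper's call above rests on reading a GMER log by hand: a driver flagged with "suspicious modification", an entry point in a non-code section, kernel imports that resolve into another driver or into an unresolved address, inline JMP hooks, and user-mode IAT entries GMER could not attribute to any module. The script below is an added example that does that first pass automatically; it is not a tool from this thread, from GMER's author, or from BleepingComputer. The sample log is constructed from lines quoted in this thread, and the severity scale and pattern names are the example's own choices, not GMER's.

```python
"""Rank the lines of a GMER rootkit-scan log so the ones worth acting on come first."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own scale, not GMER's)
    kind: str       # label for the pattern that matched
    subject: str    # file, driver or process the line is about
    line: str       # the raw log line


SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "? C:\...\sptd.sys The process cannot access the file ..." : GMER could not read the file
UNREADABLE_RE = re.compile(r"^\?\s+(.+?\.(?:sys|dll|exe))\s+(.*)$", re.I)
# ".rsrc C:\...\atapi.sys entry point in ".rsrc" section [0x82678024]"
ENTRYPOINT_RE = re.compile(r'^\.\w+\s+(\S+)\s+entry point in "\.(\w+)" section')
# ".text USBPORT.SYS!DllUnload 82F5846F 5 Bytes JMP 86C8B478" (kernel) and
# ".text C:\...\svchost.exe[872] ole32.dll!CoCreateInstance 760BE188 5 Bytes JMP 0091000A" (user)
INLINE_HOOK_RE = re.compile(
    r"^\.\w+\s+(?:(\S+\[\d+\])\s+)?(\S+!\w+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+(JMP|CALL|PUSH)\b")
WRITEABLE_RE = re.compile(r"^\.\w+\s+(\S+)\s+section is writeable")
# ".text a90pepaw.SYS 8FA03000 22 Bytes [26, E2, ...]" : in-memory code differs from disk
PATCHED_BYTES_RE = re.compile(r"^\.\w+\s+(\S+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+\[")
# "IAT \SystemRoot\...\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069961E] \SystemRoot\...\sptd.sys"
KERNEL_IAT_RE = re.compile(
    r"^IAT\s+(\S+?)\[([^!\]]+)!(\w+)\]\s+(?:\[([0-9A-Fa-f]+)\]\s+)?(\S+)?(?:\s+.*)?$")
# "IAT C:\...\wininit.exe[616] @ C:\...\kernel32.dll [ntdll.dll!LdrLoadDll] 003158C5" (unresolved) and
# "IAT C:\...\explorer.exe[21544] @ C:\...\explorer.exe [gdiplus.dll!GdipFree] [73DF697E] C:\...\gdiplus.dll (...)"
USER_IAT_RE = re.compile(
    r"^IAT\s+(.+?\[\d+\])\s+@\s+(.+?)\s+\[([^!\]]+)!(\w+)\]\s+"
    r"(?:\[([0-9A-Fa-f]+)\]\s+(\S.*)|([0-9A-Fa-f]+))\s*$")
NON_CODE_SECTIONS = {"rsrc", "data", "rdata", "reloc"}


def _module_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one GMER log line; None means nothing noteworthy or an unknown line type."""
    line = line.rstrip()
    if line.startswith("File ") and line.endswith(" suspicious modification"):
        return Finding("high", "file-modified", line[5:-len(" suspicious modification")], line)
    if m := UNREADABLE_RE.match(line):
        return Finding("low", "file-unreadable", m.group(1), line)
    if m := ENTRYPOINT_RE.match(line):
        if m.group(2).lower() in NON_CODE_SECTIONS:   # code starting in .rsrc/.data is a classic infection sign
            return Finding("high", "entry-point-in-non-code-section", m.group(1), line)
        return None
    if m := INLINE_HOOK_RE.match(line):
        return Finding("medium", "inline-hook", m.group(1) or m.group(2), line)
    if m := WRITEABLE_RE.match(line):
        return Finding("low", "writeable-code-section", m.group(1), line)
    if m := PATCHED_BYTES_RE.match(line):
        return Finding("low", "code-bytes-differ", m.group(1), line)
    if m := KERNEL_IAT_RE.match(line):
        importer, from_module, _, _, target = m.groups()
        if not target or "\\" not in target:          # only a bare address, no owning module
            return Finding("medium", "iat-unresolved-target", importer, line)
        if _module_name(target) != from_module.lower():   # import from X now lands in module Y
            return Finding("medium", "iat-redirected", importer, line)
        return None
    if m := USER_IAT_RE.match(line):
        process, _, _, _, _, resolved_to, _ = m.groups()
        if resolved_to is None:                       # GMER names the owning module when it can
            return Finding("medium", "user-iat-hook", process, line)
        return None
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for raw in text.splitlines()
            if raw.strip() and not SECTION_RE.match(raw)
            if (f := triage_line(raw)) is not None]


def summarize(findings: List[Finding]) -> dict:
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "low")}


def load_log(path: str) -> str:
    data = Path(path).read_bytes()      # honour a UTF-16 BOM if the log was saved that way
    return data.decode("utf-16") if data[:2] in (b"\xff\xfe", b"\xfe\xff") else data.decode("cp1252", "replace")


# Constructed sample: lines copied from the GMER logs posted in this thread.
SAMPLE_LOG = r"""---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82678024]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F20F340, 0x35AB87, 0xE8000020]
.text USBPORT.SYS!DllUnload 82F5846F 5 Bytes JMP 86C8B478
.text a90pepaw.SYS 8FA03000 22 Bytes [26, E2, 01, 82, 10, E1, 01, ...]
.text C:\Windows\system32\svchost.exe[872] ole32.dll!CoCreateInstance 760BE188 5 Bytes JMP 0091000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069961E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003158C5
IAT C:\Windows\explorer.exe[21544] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73DF697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification
"""

if __name__ == "__main__":
    findings = triage_log(load_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG)
    rank = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(findings, key=lambda f: rank[f.severity]):
        print(f"{f.severity:6} {f.kind:32} {f.subject}")
    print(summarize(findings))
```

Run it as `python gmer_triage.py gmer.log` (any file name; the script name is the example's own). The output is a ranked list for a human to read, not a verdict: on this machine sptd.sys (Daemon Tools) and Trend Micro's tmtdi.sys hook the same ATA and TDI paths legitimately, so a redirected kernel import alone proves nothing, whereas atapi.sys with its entry point in .rsrc plus GMER's "suspicious modification" on the same file is the pair that justifies replacing the driver from the DriverStore copy as described above.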

#11 caddie444 (Topic Starter, 36 posts)

Posted 30 December 2009 - 06:15 PM

Attach.txt:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\atapi.sys"
File move operation "C:\atapi.sys|C:\Windows\System32\drivers\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.


Gmerlog:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-30 15:12:00
Windows 6.0.6001 Service Pack 1
Running: qc24ctkr.exe; Driver: C:\Users\matt\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82678024]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F20F340, 0x35AB87, 0xE8000020]
.text USBPORT.SYS!DllUnload 82F5846F 5 Bytes JMP 86C8B478
.text a90pepaw.SYS 8FA03000 22 Bytes [26, E2, 01, 82, 10, E1, 01, ...]
.text a90pepaw.SYS 8FA03017 181 Bytes [00, 32, C7, 78, 80, 3D, C5, ...]
.text a90pepaw.SYS 8FA030CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text a90pepaw.SYS 8FA03118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text a90pepaw.SYS 8FA031D2 22 Bytes [E0, C2, E2, 84, E3, 46, E6, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[872] ole32.dll!CoCreateInstance 760BE188 5 Bytes JMP 0091000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069961E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80698AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80699748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80698B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80698C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806AE29A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\a90pepaw.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001F59DA
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001F5860
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001F58C5
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 001F5C9F
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 001F5F49
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001F5F49
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 001F54E1
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001F5C9F
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001F5F49
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 001F54E1
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 001F59DA
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 001F54E1
IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[12] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 001F59DA
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007B59DA
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007B5860
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007B58C5
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 007B54E1
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 007B5F49
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 007B54E1
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 007B5C9F
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 007B5F49
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 007B59DA
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 007B5C9F
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 007B5F49
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 007B54E1
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[380] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 007B59DA
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A659DA
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A65860
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A658C5
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00A65C9F
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00A65F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00A654E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A65F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00A654E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A65C9F
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A65F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00A654E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00A659DA
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[532] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00A659DA
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003159DA
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00315860
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003158C5
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 003154E1
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00315F49
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 003154E1
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00315C9F
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00315F49
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 003159DA
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00315C9F
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00315F49
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 003154E1
IAT C:\Windows\system32\wininit.exe[616] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 003159DA
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 008D59DA
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008D59DA
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008D5860
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008D58C5
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008D54E1
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008D5F49
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008D54E1
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008D5C9F
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008D5F49
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008D59DA
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 008D5C9F
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 008D5F49
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 008D54E1
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008D59DA
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000D59DA
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000D5860
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000D58C5
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 000D58C5
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 000D58C5
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 000D5860
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 000D59DA
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 000D54E1
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000D5F49
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 000D54E1
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 000D5C9F
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 000D5F49
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 000D5C9F
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 000D5F49
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 000D54E1
IAT C:\Windows\system32\lsass.exe[672] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 000D59DA
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BE59DA
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BE5860
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BE58C5
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00BE54E1
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BE5F49
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00BE54E1
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00BE5C9F
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00BE5F49
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00BE59DA
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00BE5C9F
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00BE5F49
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 00BE54E1
IAT C:\Windows\system32\lsm.exe[680] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 00BE59DA
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 005D59DA
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 005D5860
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 005D58C5
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 005D54E1
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 005D5F49
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 005D54E1
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 005D5C9F
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 005D5F49
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 005D5C9F
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 005D5F49
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 005D54E1
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 005D59DA
IAT C:\Windows\System32\svchost.exe[724] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 005D59DA
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EE59DA
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EE5860
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EE58C5
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00EE5C9F
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00EE5F49
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00EE5F49
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00EE54E1
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00EE5C9F
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00EE5F49
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00EE54E1
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00EE59DA
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00EE59DA
IAT C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[796] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00EE54E1
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008259DA
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00825860
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008258C5
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008254E1
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00825F49
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008254E1
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00825C9F
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00825F49
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008259DA
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00825C9F
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00825F49
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 008254E1
IAT C:\Windows\system32\svchost.exe[940] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008259DA
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009159DA
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00915860
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009158C5
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 009154E1
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00915F49
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 009154E1
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00915C9F
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00915F49
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00915C9F
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00915F49
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 009154E1
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009159DA
IAT C:\Windows\System32\svchost.exe[976] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009159DA
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008859DA
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00885860
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008858C5
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008854E1
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00885F49
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008854E1
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00885C9F
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00885F49
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008859DA
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00885C9F
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00885F49
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 008854E1
IAT C:\Windows\System32\svchost.exe[1084] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008859DA
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A859DA
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A85860
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A858C5
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00A854E1
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A85F49
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00A854E1
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00A85C9F
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00A85F49
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00A859DA
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A85C9F
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A85F49
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00A854E1
IAT C:\Windows\System32\svchost.exe[1164] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00A859DA
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 015C59DA
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 015C5860
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 015C58C5
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 015C54E1
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 015C5F49
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 015C54E1
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 015C5C9F
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 015C5F49
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 015C59DA
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 015C5C9F
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 015C5F49
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 015C54E1
IAT C:\Windows\system32\svchost.exe[1196] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 015C59DA
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009759DA
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00975860
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009758C5
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00975C9F
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00975F49
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 009754E1
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009759DA
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00975F49
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 009754E1
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00975C9F
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00975F49
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 009754E1
IAT C:\Windows\System32\rundll32.exe[1208] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009759DA
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008359DA
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00835860
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008358C5
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008354E1
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00835F49
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008354E1
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00835C9F
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00835F49
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008359DA
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00835C9F
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00835F49
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 008354E1
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008359DA
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 011F59DA
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 011F5860
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 011F58C5
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\OLE32.dll [USER32.dll!GetClipboardData] 011F5C9F
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\OLE32.dll [USER32.dll!TranslateMessage] 011F5F49
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 011F59DA
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 011F5C9F
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 011F5F49
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 011F54E1
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 011F59DA
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 011F5F49
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 011F54E1
IAT C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[1296] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 011F54E1
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008B59DA
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008B5860
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008B58C5
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008B5C9F
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 008B5F49
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 008B54E1
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 008B59DA
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008B5F49
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008B54E1
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008B5C9F
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008B5F49
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008B54E1
IAT C:\Windows\system32\taskeng.exe[1320] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008B59DA
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007E59DA
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007E5860
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007E58C5
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 007E54E1
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 007E5F49
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 007E54E1
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 007E5C9F
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 007E5F49
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 007E59DA
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 007E5C9F
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 007E5F49
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 007E54E1
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 007E59DA
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 002859DA
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00285860
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002858C5
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 002859DA
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 002854E1
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00285F49
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 002854E1
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00285C9F
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00285F49
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00285C9F
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00285F49
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 002854E1
IAT C:\Windows\system32\SLsvc.exe[1348] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 002859DA
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00AF59DA
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AF5860
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AF58C5
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00AF54E1
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00AF5F49
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00AF54E1
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00AF5C9F
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00AF5F49
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00AF59DA
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00AF5C9F
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00AF5F49
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 00AF54E1
IAT C:\Windows\system32\svchost.exe[1436] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 00AF59DA
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009F59DA
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009F5860
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009F58C5
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 009F54E1
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 009F5F49
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 009F54E1
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 009F5C9F
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 009F5F49
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009F59DA
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 009F5C9F
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 009F5F49
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 009F54E1
IAT C:\Windows\system32\svchost.exe[1564] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009F59DA
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 021259DA
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 02125860
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 021258C5
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 021259DA
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 02125F49
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 021254E1
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 02125C9F
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 02125F49
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 021254E1
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 021259DA
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 021254E1
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 02125C9F
IAT C:\Windows\system32\Taskmgr.exe[1688] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 02125F49
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004159DA
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00415860
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004158C5
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 004154E1
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00415F49
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004154E1
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00415C9F
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00415F49
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 004159DA
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00415C9F
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00415F49
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 004154E1
IAT C:\Windows\System32\spoolsv.exe[1744] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 004159DA
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009059DA
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00905860
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009058C5
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 009054E1
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00905F49
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 009054E1
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00905C9F
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00905F49
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009059DA
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00905C9F
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00905F49
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 009054E1
IAT C:\Windows\system32\svchost.exe[1772] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009059DA
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009259DA
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00925860
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009258C5
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 009254E1
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00925F49
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 009254E1
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00925C9F
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00925F49
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00925C9F
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00925F49
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 009254E1
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009259DA
IAT C:\Windows\system32\svchost.exe[1864] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009259DA
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB59DA
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB5860
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB58C5
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB59DA
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00DB5C9F
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00DB5F49
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00DB54E1
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB59DA
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00DB5F49
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00DB54E1
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00DB54E1
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00DB5C9F
IAT C:\Windows\system32\PnkBstrA.exe[1928] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00DB5F49
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B659DA
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B65860
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B658C5
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00B659DA
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B65C9F
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B65F49
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00B654E1
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00B659DA
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B65F49
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00B654E1
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00B654E1
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00B65C9F
IAT C:\Windows\system32\PnkBstrB.exe[1944] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00B65F49
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 022C59DA
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 022C5860
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 022C58C5
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 022C54E1
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 022C5F49
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 022C54E1
IAT C:\Users\matt\Desktop\qc24ctkr.exe[2000] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 022C5C9F
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 029D54E1
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 029D59DA
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 029D5F49
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 029D54E1
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 029D5C9F
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 029D5F49
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 029D59DA
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3532] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 029D54E1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003E59DA
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003E5860
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003E58C5
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 003E54E1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 003E5F49
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 003E54E1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 003E5C9F
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 003E5F49
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 003E5C9F
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 003E5F49
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 003E54E1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 003E59DA
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3568] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 003E59DA
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008A59DA
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008A5860
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008A58C5
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008A5C9F
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008A5F49
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 008A54E1
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008A5F49
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 008A54E1
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 008A5C9F
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 008A5F49
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 008A54E1
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008A59DA
IAT C:\Windows\ehome\ehmsas.exe[3688] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008A59DA
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003459DA
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00345860
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003458C5
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00345C9F
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00345F49
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 003454E1
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 003459DA
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00345F49
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 003454E1
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00345C9F
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00345F49
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 003454E1
IAT C:\Windows\System32\rundll32.exe[3896] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 003459DA
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004259DA
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00425860
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004258C5
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00425C9F
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00425F49
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 004254E1
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00425F49
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004254E1
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 004259DA
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00425C9F
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00425F49
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\shell32.dll [USER32.dll!EndDialog] 004254E1
IAT C:\Windows\system32\wbem\unsecapp.exe[3964] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 004259DA
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C559DA
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C55860
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C558C5
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C55C9F
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C55F49
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndDialog] 00C554E1
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00C559DA
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C55F49
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00C554E1
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00C55C9F
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00C55F49
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\WININET.dll [USER32.dll!EndDialog] 00C554E1
IAT C:\Windows\ehome\ehtray.exe[4076] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00C559DA

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85AF61E8
Device \Driver\volmgr \Device\VolMgrControl 85AF21E8
Device \Driver\usbuhci \Device\USBPDO-0 86D02790
Device \Driver\usbuhci \Device\USBPDO-1 86D02790
Device \Driver\usbuhci \Device\USBPDO-2 86D02790
Device \Driver\usbehci \Device\USBPDO-3 86BD0790
Device \Driver\usbuhci \Device\USBPDO-4 86D02790
Device \Driver\usbuhci \Device\USBPDO-5 86D02790
Device \Driver\usbuhci \Device\USBPDO-6 86D02790
Device \Driver\volmgr \Device\HarddiskVolume1 85AF21E8
Device \Driver\usbehci \Device\USBPDO-7 86BD0790
Device \Driver\cdrom \Device\CdRom0 86BC7790
Device \Driver\cdrom \Device\CdRom1 86BC7790
Device \Driver\atapi \Device\Ide\IdePort0 85AF41E8
Device \Driver\atapi \Device\Ide\IdePort1 85AF41E8
Device \Driver\atapi \Device\Ide\IdePort2 85AF41E8
Device \Driver\atapi \Device\Ide\IdePort3 85AF41E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85AF41E8
Device \Driver\netbt \Device\NetBt_Wins_Export 885E2790
Device \Driver\netbt \Device\NetBT_Tcpip_{76EE9F6A-920E-42D4-BC6E-68D16C2DFC3D} 885E2790
Device \Driver\iScsiPrt \Device\RaidPort0 86BCC1E8
Device \Driver\PCI_NTPNP5511 \Device\0000005f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 86D02790
Device \Driver\usbuhci \Device\USBFDO-1 86D02790
Device \Driver\usbuhci \Device\USBFDO-2 86D02790
Device \Driver\usbehci \Device\USBFDO-3 86BD0790
Device \Driver\usbuhci \Device\USBFDO-4 86D02790
Device \Driver\usbuhci \Device\USBFDO-5 86D02790
Device \Driver\usbuhci \Device\USBFDO-6 86D02790
Device \Driver\usbehci \Device\USBFDO-7 86BD0790
Device \Driver\JRAID \Device\Scsi\JRAID1 85AF51E8
Device \Driver\a90pepaw \Device\Scsi\a90pepaw1Port6Path0Target0Lun0 869661E8
Device \Driver\a90pepaw \Device\Scsi\a90pepaw1 869661E8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85B9F618

---- Processes - GMER 1.0.15 ----

Library C:\Windows\system32\sdra64.exe (*** hidden *** ) @ C:\Windows\system32\sdra64.exe [3288] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xF5 0x6E 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x98 0x0C 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x58 0x3B 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xF5 0x6E 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x98 0x0C 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x58 0x3B 0x94 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Oberon Media\Links Course Challenge \x2013 Chateau Whistler\Uninstall.exe 1

---- Files - GMER 1.0.15 ----

File C:\Users\matt\Desktop\coldplay-viva_la_vida.mid 23356 bytes
File C:\Windows\System32\sdra64.exe 126976 bytes executable
File C:\Windows\System32\lowsec 0 bytes
File C:\Windows\System32\lowsec\local.ds 125448 bytes
File C:\Windows\System32\lowsec\user.ds 0 bytes
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


A few things. Once I ran the GMER log I received a warning msg that I accidentally closed. It read something like "GMER saw rootkit changed a file", or something along those lines. Also, I have been receiving a msg upon startup from Windows reading:

Posted Image

and yes I do have the vista disc

pop ups are still occurring

Caddie444

Edited by caddie444, 30 December 2009 - 06:19 PM.
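
The GMER sections above (a hooked atapi device object, a hidden sdra64.exe module and an atapi.sys marked "suspicious modification") are the findings the helper acts on next. As an added example, not code from the thread, from BleepingComputer or from GMER, this Python parser splits a GMER log by its section headers and correlates a "Device ->" hook with a "suspicious modification" file entry; SAMPLE_LOG is constructed from lines in the scan above, and only GMER's section headers and line prefixes are assumed.

```python
# Added example (not from the thread, BleepingComputer or GMER): parse the findings
# sections of a GMER log and correlate them. SAMPLE_LOG is constructed from lines the
# scan in this thread reported; only GMER's section headers and line prefixes are assumed.
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
HIDDEN_RE = re.compile(r"^Library (.+?) \(\*\*\* hidden \*\*\* ?\)")
MODIFIED_SUFFIX = " suspicious modification"

SAMPLE_LOG = r"""---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 85AF41E8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85B9F618
---- Processes - GMER 1.0.15 ----
Library C:\Windows\system32\sdra64.exe (*** hidden *** ) @ C:\Windows\system32\sdra64.exe [3288] 0x00400000
---- Files - GMER 1.0.15 ----
File C:\Users\matt\Desktop\coldplay-viva_la_vida.mid 23356 bytes
File C:\Windows\System32\sdra64.exe 126976 bytes executable
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""


@dataclass
class Triage:
    hooked_devices: dict = field(default_factory=dict)   # device object -> driver object ('Device ->' lines)
    hidden_modules: list = field(default_factory=list)   # loaded images GMER marks '*** hidden ***'
    modified_files: list = field(default_factory=list)   # on-disk images flagged 'suspicious modification'
    patched_drivers: list = field(default_factory=list)  # drivers that are both hooked and modified


def split_sections(log: str) -> dict:
    """Group non-empty lines under the '---- Name - GMER x.y.z ----' header that precedes them."""
    sections, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(log: str) -> Triage:
    """Extract the findings a responder acts on and correlate hooked drivers with modified files."""
    sections, result = split_sections(log), Triage()
    for line in sections.get("Devices", []):
        parts = line.split()
        if len(parts) >= 4 and parts[1] == "->":        # GMER's arrow: redirected device dispatch
            result.hooked_devices[parts[3]] = parts[2]
    for line in sections.get("Processes", []):
        m = HIDDEN_RE.match(line)
        if m:
            result.hidden_modules.append(m.group(1))
    for line in sections.get("Files", []):
        if line.startswith("File ") and line.endswith(MODIFIED_SUFFIX):
            result.modified_files.append(line[len("File "):-len(MODIFIED_SUFFIX)])
    # A hooked driver whose file on disk is also modified is infected in its image, not just in
    # memory; that is why the thread replaces atapi.sys from install media rather than unhooking it.
    hooked = {drv.rsplit("\\", 1)[-1].lower() for drv in result.hooked_devices.values()}
    for path in result.modified_files:
        if path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower() in hooked:
            result.patched_drivers.append(path)
    return result
```

Run `triage(SAMPLE_LOG)` and the `patched_drivers` list names atapi.sys as the driver that is both hooked in memory and altered on disk, which is the finding the replacement procedure below addresses.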


#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:43 AM

Posted 30 December 2009 - 07:00 PM

Ok.
Let's proceed...

==========

Please do not forget to right click and run as Admin when you're running my programs in Windows!!

==========

Print these instructions please
  • Insert the Windows Vista CD-ROM into the CD-ROM drive, and click on My Computer. Take note of the drive letter assignment for the CD-ROM. It is probably "D". Remove the disc.
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type the number that corresponds to your c drive and press enter.

  • Please replace the Vista install disc now

  • At the C:\Windows prompt, type the following bolded text, and press Enter:

  • A command prompt will open
  • Type the green bolded text one line at a time and press Enter after entering each line.

    Please note: 'D' signifies the drive letter of your CD-ROM drive!! Please adjust accordingly. <--- Important!!

    ren C:\Windows\System32\drivers\atapi.sys atapi.old
    copy D:\i386\atapi.sys c:\windows\system32\drivers


  • Type "Exit" and restart the computer.
==========

Re-run RKill

==========

Right click and delete your current copy of Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi.sy*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

Re-run Gmer and post a log.

==========

With your next post please provide:

* Combofix.txt
* Gmer log
* How is it running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:43 AM

Posted 31 December 2009 - 10:35 AM

In addition to my prior post, please print this command. The atapi file that we need to copy from your Vista disc might be in a compressed form. When you enter the command from my prior post, if it notifies you that the file does not exist, then run this command please.

expand D:\i386\atapi.sy_ c:\windows\system32\drivers

Please note the underscore after .sy
Please also note the single empty space between the underscore and c:\

Thanks,
~ t

Edited by thcbytes, 31 December 2009 - 10:39 AM.


#14 caddie444

caddie444
  • Topic Starter

  • Members
  • 36 posts
  • Local time:05:43 AM

Posted 31 December 2009 - 01:50 PM

I will be away from my computer until Jan 2nd, so will not have a chance to implement these procedures until then. Please do not lock/delete this thread.

A happy new year to you and yours Thcbytes! :(

Caddie444

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:43 AM

Posted 31 December 2009 - 03:22 PM

Happy New Years to you and yours also. :(

Thanks for the notification. I will be here when you return.

Till next year.......
~ t



