spyware - a google selection goes to a different page


  • This topic is locked
20 replies to this topic

#1 harryspotter

harryspotter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 30 December 2009 - 07:54 AM

Hi. A couple of weeks ago I started to experience the problem where I would google something and when I click on my selected page it would take me off to some kind of esupermarket page or other. Now it's started to open an additional page as well. I have avast installed, just installed and ran malwarebytes and super antispyware. They found numerous problems but there is still a problem.

I would like to try to get rid of it before I have to do a complete install so your help is appreciated. My DDS log is below. I have attached some others that may be of help.

I also keep getting the following messages

1. dell wireless wlan card wireless network controller stopped working - however I know it is working

2. A program can't display a message on your desktop

Thanks

Mark


DDS (Ver_09-12-01.01) - NTFSx86
Run by HarrySpotter at 12:31:44.07 on 30/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.894 [GMT 0:00]

AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1296 [VPS 090128-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\TEMP\apin.tmp\svchost.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wermgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\TPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\TPad\ApMsgFwd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\TPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\TPad\Apntex.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\HarrySpotter\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\harryspotter\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\dell\tpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-8 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-24 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-8 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-8 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-8 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-8 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-8 352920]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-24 111616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2009-12-30 10:14:12 37 ----a-w- C:\Autorun.inf
2009-12-30 10:14:12 163840 ----a-w- C:\svchost.exe
2009-12-25 01:30:50 0 d-----w- c:\programdata\WindowsSearch
2009-12-24 20:28:12 0 d-sh--w- c:\windows\system32\lowsec
2009-12-23 20:29:36 0 d-----w- c:\program files\TrendMicro
2009-12-23 19:45:22 0 d-----w- c:\programdata\CA
2009-12-23 16:58:25 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-23 16:58:09 0 d-----w- c:\users\harrys~1\appdata\roaming\SUPERAntiSpyware.com
2009-12-23 16:58:09 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-23 16:57:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-23 16:57:15 0 d-----w- c:\users\harrys~1\appdata\roaming\Malwarebytes
2009-12-23 16:57:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 16:57:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 16:57:09 0 d-----w- c:\programdata\Malwarebytes
2009-12-23 16:57:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 16:43:12 287414590 ----a-w- c:\windows\MEMORY.DMP
2009-12-22 11:52:31 65536 --sha-w- c:\users\harryspotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TM.blf
2009-12-22 11:52:31 524288 --sha-w- c:\users\harryspotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
2009-12-22 11:52:31 524288 --sha-w- c:\users\harryspotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
2009-12-22 10:10:17 65536 --sha-w- c:\users\harryspotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TM.blf
2009-12-22 10:10:17 524288 --sha-w- c:\users\harryspotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
2009-12-22 10:10:17 524288 --sha-w- c:\users\harryspotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
2009-12-13 19:49:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-13 19:49:01 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-13 19:49:01 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 19:16:42 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 19:16:41 281600 ----a-w- c:\windows\system32\raschap.dll

==================== Find3M ====================

2009-12-22 12:11:59 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-01-29 09:29:01 174 --sha-w- c:\program files\desktop.ini
2009-01-29 09:28:19 86016 ----a-w- c:\windows\inf\infstor.dat
2009-01-29 09:28:19 51200 ----a-w- c:\windows\inf\infpub.dat
2009-01-29 09:28:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-01-29 09:22:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-24 01:48:24 76 --sh--r- c:\windows\CT4CET.bin
2008-07-28 12:39:27 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-07-28 12:39:27 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-07-28 12:39:27 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-06-24 09:26:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:34:36.76 ===============

Also I keep getting an avast warning of a rootkit spyware problem



While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Edited by garmanma, 04 January 2010 - 10:07 PM.
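As an added example (not part of this thread, and not code from the DDS tool or from BleepingComputer): a small Python script that applies to a DDS log the checks a helper would make by eye on the log above. It flags a second executable in the Winlogon Userinit value (a stock Vista install lists only userinit.exe there, and every extra entry runs at each logon), a system-binary name such as svchost.exe running from a directory other than System32, Autorun.inf or an executable dropped in the drive root, a hidden+system directory newly created under System32, and EnableLUA = 0 (UAC off). The sample input is a few lines constructed from the log above with the path backslashes restored; the finding labels and the list of system binaries are this example's own assumptions, not anything the thread states.

```python
import re

# Constructed sample in DDS log format, modelled on the log in the post above
# (a few lines only, with the path backslashes restored). Not the full log.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\TEMP\apin.tmp\svchost.exe
C:\Windows\Explorer.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mPolicies-system: EnableLUA = 0 (0x0)

=============== Created Last 30 ================

2009-12-30 10:14:12 37 ----a-w- C:\Autorun.inf
2009-12-30 10:14:12 163840 ----a-w- C:\svchost.exe
2009-12-24 20:28:12 0 d-sh--w- c:\windows\system32\lowsec
2009-12-23 16:57:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Assumed list: core binaries that on a stock install run only from
# %SystemRoot%\System32 (or SysWOW64). The same name elsewhere deserves a look.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "wininit.exe", "userinit.exe", "smss.exe"}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def split_sections(text):
    """Group non-blank log lines under the '==== Name ====' header above them."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def check_hjt(lines):
    """Userinit must hold exactly one entry, userinit.exe in System32; every
    extra entry is launched at each logon. EnableLUA = 0 means UAC is off."""
    findings = []
    for line in lines:
        low = line.lower()
        if low.startswith("mwinlogon: userinit="):
            value = line.split("=", 1)[1]
            for entry in (e.strip() for e in value.split(",") if e.strip()):
                if not entry.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit_extra_entry", entry))
        elif low.startswith("mpolicies-system: enablelua = 0"):
            findings.append(("uac_disabled", line))
    return findings


def check_processes(lines):
    """A system-binary name running outside System32/SysWOW64."""
    findings = []
    for line in lines:
        path = line.split(" -k ")[0].strip()          # drop svchost group args
        parent, _, name = path.rpartition("\\")
        if name.lower() in SYSTEM_BINARIES and not parent.lower().endswith(
                ("\\system32", "\\syswow64")):
            findings.append(("system_binary_outside_system32", path))
    return findings


def check_created(lines):
    """Autorun.inf or a loose .exe in the drive root, and hidden+system
    directories newly created under System32."""
    findings = []
    for line in lines:
        parts = line.split(None, 4)                   # date time size attrs path
        if len(parts) < 5:
            continue
        attrs, path = parts[3], parts[4]
        if re.fullmatch(r"[a-z]:\\[^\\]+\.(inf|exe)", path, re.I):
            findings.append(("drive_root_drop", path))
        if attrs.startswith("d") and "s" in attrs and "h" in attrs \
                and "\\system32\\" in path.lower():
            findings.append(("hidden_system_dir_in_system32", path))
    return findings


def review_dds(text):
    """Run all checks over a DDS log and return (kind, detail) findings."""
    s = split_sections(text)
    return (check_hjt(s.get("Pseudo HJT Report", []))
            + check_processes(s.get("Running Processes", []))
            + check_created(s.get("Created Last 30", [])))


if __name__ == "__main__":
    for kind, detail in review_dds(SAMPLE_DDS):
        print(f"{kind:34} {detail}")
```

Run it against a saved DDS.txt by passing the file contents to review_dds(). The checks are deliberately narrow: they only point at entries in the log that cannot be explained by a stock install, which is the same triage a helper does before asking for further logs, and a hit is a reason to look closer, not a verdict on the file.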


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:08 PM

Posted 09 January 2010 - 11:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:08 PM

Posted 14 January 2010 - 08:30 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:08 PM

Posted 15 January 2010 - 06:16 AM

Topic reopened.

Please post your logs.

regards myrti



#5 harryspotter

harryspotter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 15 January 2010 - 10:51 AM

Hi, I have attached the logs below.

A couple of weeks ago I started to experience the problem where I would google something and when I click on my selected page it would take me off to some kind of esupermarket page or other. Now it's started to open an additional page as well. I have avast installed, just installed and ran malwarebytes and super antispyware. They found numerous problems but there is still a problem.

I would like to try to get rid of it before I have to do a complete install so your help is appreciated. My DDS log is below. I have attached some others that may be of help.

I also keep getting the following messages

1. dell wireless wlan card wireless network controller stopped working - however I know it is working

2. A program can't display a message on your desktop



OTL Extras logfile created on: 15/01/2010 10:58:10 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Users\HarrySpotter\Desktop
Windows Vista Unlicensed product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.11 Gb Total Space | 41.18 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PINKSTER
Current User Name: HarrySpotter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2660D8-0F57-4669-A5EF-D77C9EBE871A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17225752-D9BA-4CC8-BB43-EB71F7D2B560}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2555DBC0-13AB-4615-B159-61EA0A4F001F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F65AF46-2095-4858-AB67-FA85E88F30B9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6253386A-96FC-4AD4-A024-F23A4E71A12A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{633BAB80-CAA5-4570-B04C-8E9AEEFD8860}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71217344-AE8F-4AE4-A2C9-D2CEF56A64CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7641C009-20D3-4887-A9BB-E69CEA23FC40}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7CF8FE2A-A470-4AC0-8B11-8B256BD5E055}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{926FC141-4380-4A08-9374-B0925CE00655}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C47D6C6-0ACB-49FE-8E2D-57054C606F4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E875844-A4DC-410E-853B-D510A7FC2674}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FCDB09D-87AA-405A-8850-BB500D1DE7B2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF83C2D6-BACC-45F6-BF8A-5666F8EA6099}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB1FF0A4-A83E-4CA1-A53D-328DDD72447B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFFBDD0D-A4CE-4CF1-9CE2-5EF612717C54}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F63CD6AA-0BA4-4E02-866A-198653A89767}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA88150-C8E6-4B1F-BA44-4929046480A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0EF56FCE-3ED4-4317-84F9-5A13CF69B3AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B0A2BB0-A25D-4883-A512-817462D4FD12}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2E8F9C5B-1C6E-46CA-BEF1-C027ACA7E4F3}" = protocol=6 | dir=out | app=system |
"{311C8BA2-7568-4852-8816-CDE4155D7B78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{494FD5C5-C2EF-4394-B8CD-E324C06C13ED}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{5D48C7B2-2B2B-4093-8A3B-8E0516DDF925}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DA442B3-1DD6-43DA-980B-36EC8160C5FC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{86F0DD38-DD6A-47E0-AE6C-D6D6F75A26E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{874DB74F-0473-4469-A753-D9F2ACC841F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9465A3DB-B2B3-429F-9FED-AFFFDB3C1706}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{9473D946-2160-4724-906C-EFFF7A70CCE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97178620-E785-4D84-83C3-B28F0FF89209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DED17FF-58C2-485D-B503-F327E3D96B12}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{B994C60C-D3D2-4412-AA6B-05D4FF819001}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDE9DC65-8E2C-4882-BCFB-CDD29634A4DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD1F9B7C-7417-4D93-A72C-14A1D56142C8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E0354FE0-4718-4454-8551-81BD889C904F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1940216-4036-4AC7-BDC2-5A3038A61C50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5F44220-CE03-4F37-AE88-2EC4469369F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1130CB55-7507-4BC5-BC27-1AAD33F34E2A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{38B3D6CC-49AE-410B-A367-CDAE8DF2FC34}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{92AF424E-DB78-4F1C-9A77-24C0D2628D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A573B978-620C-433D-B848-BEA3BD13C560}C:\program files\sti\sterlingtraderpro\base.exe" = protocol=6 | dir=in | app=c:\program files\sti\sterlingtraderpro\base.exe |
"UDP Query User{46A80713-6F06-46B2-876C-31383E0ECA7D}C:\program files\sti\sterlingtraderpro\base.exe" = protocol=17 | dir=in | app=c:\program files\sti\sterlingtraderpro\base.exe |
"UDP Query User{733231D6-B9A6-4EBF-83F9-89D2CFB621FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{933B63E5-20F4-4A14-A7DA-F2B2359C16A6}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{99951CEE-ABD2-4C5A-9DA6-1D8BE74377BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"GoToAssist" = GoToAssist 8.0.0.514
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 29/01/2009 09:10:04 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.gadgetech.info/treo/tips/java/R...11.1.7.1023.cab
failed, 00000026.

Error - 21/05/2009 08:09:32 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\MKFP-PC4\Desktop\Lead tracker.xls failed, 00000040.

Error - 26/07/2009 06:10:28 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\HarrySpotter\AppData\Local\Temp\Temp2_mk acer desk.zip\unused icons\trigold\Saved\000000090001.RTF
failed, 00000026.

Error - 23/11/2009 10:12:35 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\MKFP-PC4\Desktop\Lead tracker.xls failed, 00000006.

[ Application Events ]
Error - 07/01/2010 11:37:01 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x634, application start time
0x01ca8faf410f1ced.

Error - 07/01/2010 11:37:07 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1428, application start time
0x01ca8faf449f488d.

Error - 07/01/2010 11:37:12 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xf64, application start time
0x01ca8faf482784ed.

Error - 07/01/2010 11:37:18 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x11e8, application start time
0x01ca8faf4bc0b13d.

Error - 07/01/2010 11:37:25 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xa1c, application start time
0x01ca8faf4f5e4a5d.

Error - 07/01/2010 11:37:31 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x5ec, application start time
0x01ca8faf5303367d.

Error - 07/01/2010 11:37:37 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1788, application start time
0x01ca8faf56a5ffbd.

Error - 07/01/2010 11:37:43 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x12b0, application start time
0x01ca8faf5a3a711d.

Error - 07/01/2010 11:37:49 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xea8, application start time
0x01ca8faf5dcac3cd.

Error - 07/01/2010 11:37:55 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x126c, application start time
0x01ca8faf615d877d.

[ Broadcom Wireless LAN Events ]
Error - 20/04/2009 07:33:05 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 12:33:04, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 20/04/2009 08:21:28 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 13:21:28, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 20/04/2009 08:26:43 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 13:26:43, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 23/04/2009 12:08:32 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 17:08:32, Thu, Apr 23, 09 Error - Unable to gain access to user store


Error - 23/04/2009 12:13:46 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 17:13:46, Thu, Apr 23, 09 Error - Unable to gain access to user store


Error - 10/06/2009 04:27:46 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:27:46, Wed, Jun 10, 09 Error - Unable to gain access to user store


Error - 10/06/2009 04:33:01 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:33:01, Wed, Jun 10, 09 Error - Unable to gain access to user store


Error - 11/06/2009 04:09:12 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:09:11, Thu, Jun 11, 09 Error - Unable to gain access to user store


Error - 18/06/2009 11:18:18 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 16:18:18, Thu, Jun 18, 09 Error - Unable to gain access to user store


Error - 18/06/2009 11:23:33 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 16:23:33, Thu, Jun 18, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 22/12/2009 06:09:30 | Computer Name = Pinkster | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 001644C95CF2 has been denied by the DHCP server 10.0.0.138 (The DHCP Server
sent a DHCPNACK message).

Error - 22/12/2009 06:09:36 | Computer Name = Pinkster | Source = HTTP | ID = 15016
Description =

Error - 22/12/2009 06:10:12 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:24 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:24 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:25 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:26 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:36 | Computer Name = Pinkster | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 22/12/2009 06:12:01 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:12:02 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL logfile created on: 15/01/2010 10:58:10 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Users\HarrySpotter\Desktop
Windows Vista Unlicensed product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.11 Gb Total Space | 41.18 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PINKSTER
Current User Name: HarrySpotter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 10:55:12 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/27 13:24:29 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/03 19:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/26 11:02:04 | 02,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/06/24 01:45:49 | 00,272,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
PRC - [2008/05/16 12:17:38 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/05/16 12:16:26 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/05/04 09:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/03/06 07:58:24 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/06 07:58:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/03/06 07:58:14 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/03/06 07:58:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/03/04 05:05:24 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 16:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/19 07:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 07:38:14 | 00,163,840 | R--- | M] () -- C:\Windows\System32\sdra64.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 11:07:24 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/07/27 15:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 10:55:12 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/06/24 02:05:36 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/16 12:17:38 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/02 17:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - [2009/12/22 12:11:59 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:48 | 00,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/06/24 09:19:14 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/06/24 09:19:14 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/06/24 09:19:14 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/05/16 12:17:02 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 09:25:24 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 07:58:44 | 00,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 07:58:12 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/04 05:05:34 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 05:05:18 | 00,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/12 11:07:28 | 00,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/29 05:31:54 | 00,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 16:35:16 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/03 02:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/03 02:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/03 02:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 09:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 00,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 07:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/05 00:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 21:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\S-1-5-21-3739840476-1799838778-598606433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [Google Update] C:\Users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/14 10:58:44 | 00,000,036 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/14 10:58:44 | 00,000,036 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{638d07dd-031c-11de-8d63-00219bce9094}\Shell\AutoRun\command - "" = J:\mvoyager.exe -- File not found
O33 - MountPoints2\{638d07dd-031c-11de-8d63-00219bce9094}\Shell\start\command - "" = J:\mvoyager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/15 10:55:06 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
[2010/01/15 10:53:27 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\rutter
[2009/12/30 12:36:04 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\spy
[2009/12/25 01:30:50 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/24 20:28:12 | 00,000,000 | -HSD | C] -- C:\Windows\System32\lowsec
[2009/12/23 20:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/23 19:45:22 | 00,000,000 | ---D | C] -- C:\ProgramData\CA
[2009/12/23 16:58:25 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/23 16:57:15 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\AppData\Roaming\Malwarebytes
[2009/12/23 16:57:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/23 16:43:50 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/20 23:13:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/20 23:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/20 23:11:57 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\AppData\Local\Apple
[2009/12/20 23:11:54 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/18 19:41:45 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\XMAS 09
[2009/12/17 15:14:25 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\holly
[2009/12/17 11:33:17 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\fitz
[2009/03/11 10:10:26 | 00,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[2 C:\Users\HarrySpotter\Desktop\*.tmp files -> C:\Users\HarrySpotter\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/15 11:01:31 | 10,485,760 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat
[2010/01/15 10:55:12 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
[2010/01/15 10:51:09 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/15 10:51:09 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/15 10:51:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/14 10:58:44 | 00,000,036 | ---- | M] () -- C:\Autorun.inf
[2010/01/14 10:58:43 | 00,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/14 10:58:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/14 10:58:03 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 16:07:43 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 16:07:43 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/07 15:18:01 | 00,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3739840476-1799838778-598606433-1000UA.job
[2010/01/07 09:57:36 | 00,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/01/07 09:57:36 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/01/06 16:23:11 | 01,582,995 | -H-- | M] () -- C:\Users\HarrySpotter\AppData\Local\IconCache.db
[2010/01/05 10:19:29 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/01/04 15:37:46 | 00,281,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/02 20:32:32 | 00,002,585 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Microsoft Word.lnk
[2009/12/30 15:54:06 | 00,022,016 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\risk stats for same.doc
[2009/12/30 12:31:41 | 00,524,288 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\dds.scr
[2009/12/23 16:43:50 | 28,741,4590 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/23 11:43:51 | 00,019,456 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\2009 rev.doc
[2009/12/22 12:11:59 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2009/12/22 12:04:48 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 12:04:48 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TM.blf
[2009/12/22 11:54:39 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 11:20:20 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:20:20 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TM.blf
[2009/12/22 11:19:56 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:08:00 | 10,485,760 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat_previous
[2009/12/21 13:56:33 | 00,027,136 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Helen Hutchison Review.doc
[2009/12/21 12:55:22 | 00,041,984 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Personal_Assets_&_Liabilities_Form.xls
[2009/12/21 11:35:00 | 00,178,176 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Dear Paul.doc
[2009/12/18 19:41:30 | 00,032,768 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\XMAS 09.doc
[2 C:\Users\HarrySpotter\Desktop\*.tmp files -> C:\Users\HarrySpotter\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/30 15:54:05 | 00,022,016 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\risk stats for same.doc
[2009/12/30 12:31:14 | 00,524,288 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\dds.scr
[2009/12/30 10:14:12 | 00,000,036 | ---- | C] () -- C:\Autorun.inf
[2009/12/23 19:28:43 | 21,370,42944 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/23 16:43:12 | 28,741,4590 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/23 11:43:48 | 00,019,456 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\2009 rev.doc
[2009/12/22 11:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 11:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:52:31 | 00,065,536 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TM.blf
[2009/12/22 10:10:17 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:10:17 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:10:17 | 00,065,536 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TM.blf
[2009/12/21 13:56:31 | 00,027,136 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\Helen Hutchison Review.doc
[2009/12/21 12:55:19 | 00,041,984 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\Personal_Assets_&_Liabilities_Form.xls
[2009/12/21 11:34:58 | 00,178,176 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\Dear Paul.doc
[2009/12/18 19:41:28 | 00,032,768 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\XMAS 09.doc
[2009/03/11 10:10:26 | 00,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2009/03/11 10:10:26 | 00,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2009/03/11 10:10:26 | 00,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2008/10/27 11:15:29 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/27 11:15:29 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/07/28 14:03:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/28 13:23:22 | 00,000,096 | ---- | C] () -- C:\Users\HarrySpotter\AppData\Roaming\wklnhst.dat
[2008/07/28 12:29:08 | 00,033,792 | ---- | C] () -- C:\Users\HarrySpotter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 09:27:26 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/24 09:27:26 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/24 09:27:25 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/24 09:27:25 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/24 09:27:25 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/24 09:27:22 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/24 01:54:04 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 785 bytes -> C:\Users\HarrySpotter\Desktop\Pension Transfers.eml:OECustomProperty
@Alternate Data Stream - 737 bytes -> C:\Users\HarrySpotter\Desktop\webb sight.eml:OECustomProperty
< End of report >

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 15 January 2010 - 04:44 PM

Hi,

Please also run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 harryspotter

harryspotter
  • Topic Starter

  • Members
  • 47 posts

Posted 18 January 2010 - 05:23 AM

Hi. Sorry, I ran GMER and it ran, but when I turned avast off the computer components seemed to shut down. When I shut down and restarted, the screen was black except for one document folder.

I even got this when I restarted again in safe mode. I managed to do a system restore and the laptop started working again. The virus does not seem to be affecting the pc at the moment but it may still be there.

Because of all this I ran OTL again, and its log is below. Underneath that is the GMER scan that was run the first time; this was when the virus was shutting down all the laptop's systems.

I will add another GMER report which I have just run now.



OTL logfile created on: 18/01/2010 09:36:14 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\HarrySpotter\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.11 Gb Total Space | 40.86 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PINKSTER
Current User Name: HarrySpotter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/18 09:35:54 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
PRC - [2010/01/06 22:36:40 | 00,848,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.3-delta.exe
PRC - [2010/01/04 16:17:46 | 00,057,800 | ---- | M] (Microsoft Corporation) -- c:\de639c6ae1552faaeb73c72d6430d8\mrtstub.exe
PRC - [2009/12/09 10:18:29 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/27 13:24:29 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/06 13:42:22 | 01,438,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/10/06 13:42:20 | 00,972,008 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/02/05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/24 01:55:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/24 01:45:49 | 00,272,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
PRC - [2008/06/24 01:45:49 | 00,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2008/05/16 12:17:38 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/05/16 12:17:36 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/05/16 12:16:26 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/05/04 09:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/03/06 07:58:24 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/06 07:58:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/03/06 07:58:14 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/03/06 07:58:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/03/04 05:05:24 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 16:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/19 07:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 11:07:24 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/07/27 15:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2010/01/18 09:35:54 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
MOD - [2009/10/06 13:42:26 | 00,345,320 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/10/06 13:42:24 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 10:18:29 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/06 13:42:20 | 00,972,008 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/04/30 10:10:12 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/06/24 02:05:36 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/16 12:17:38 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/02 17:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - [2009/10/06 13:42:28 | 00,334,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/10/06 13:42:28 | 00,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/02/05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 21:06:59 | 00,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/02/05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/06/24 09:19:14 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/06/24 09:19:14 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/06/24 09:19:14 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/05/16 12:17:02 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 09:25:24 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 07:58:44 | 00,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 07:58:12 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/04 05:05:34 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 05:05:18 | 00,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/12 11:07:28 | 00,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/29 05:31:54 | 00,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 16:43:26 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 16:35:16 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/03 02:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/03 02:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/03 02:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 09:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 00,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 07:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/05 00:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 21:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\S-1-5-21-3739840476-1799838778-598606433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 21:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [Google Update] C:\Users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3739840476-1799838778-598606433-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/17 12:29:02 | 00,000,026 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{638d07dd-031c-11de-8d63-00219bce9094}\Shell\AutoRun\command - "" = J:\mvoyager.exe -- File not found
O33 - MountPoints2\{638d07dd-031c-11de-8d63-00219bce9094}\Shell\start\command - "" = J:\mvoyager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/18 09:35:24 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
[2010/01/15 11:13:31 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\otl
[2010/01/15 10:53:27 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\rutter
[2009/12/30 12:36:04 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\Desktop\spy
[2009/12/25 01:30:50 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/23 20:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/23 19:45:22 | 00,000,000 | ---D | C] -- C:\ProgramData\CA
[2009/12/23 16:58:25 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/23 16:57:15 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\AppData\Roaming\Malwarebytes
[2009/12/23 16:57:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/20 23:13:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/20 23:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/20 23:11:57 | 00,000,000 | ---D | C] -- C:\Users\HarrySpotter\AppData\Local\Apple
[2009/12/20 23:11:54 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/11 10:10:26 | 00,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[2 C:\Users\HarrySpotter\Desktop\*.tmp files -> C:\Users\HarrySpotter\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/18 09:41:05 | 10,485,760 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat
[2010/01/18 09:35:54 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\HarrySpotter\Desktop\OTL.exe
[2010/01/18 09:29:54 | 00,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/18 09:29:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/18 09:29:13 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/18 09:29:13 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/18 09:29:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/18 09:28:47 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 21:12:31 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/17 21:12:31 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/17 21:12:02 | 01,588,277 | -H-- | M] () -- C:\Users\HarrySpotter\AppData\Local\IconCache.db
[2010/01/17 20:18:00 | 00,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3739840476-1799838778-598606433-1000UA.job
[2010/01/17 19:18:23 | 00,002,125 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Google Chrome.lnk
[2010/01/17 18:31:07 | 00,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/01/17 18:31:07 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2009/12/30 15:54:06 | 00,022,016 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\risk stats for same.doc
[2009/12/23 11:43:51 | 00,019,456 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\2009 rev.doc
[2009/12/22 12:04:48 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 12:04:48 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TM.blf
[2009/12/22 11:54:39 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 11:20:20 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:20:20 | 00,065,536 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TM.blf
[2009/12/22 11:19:56 | 00,524,288 | -HS- | M] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:08:00 | 10,485,760 | -HS- | M] () -- C:\Users\HarrySpotter\ntuser.dat_previous
[2009/12/21 13:56:33 | 00,027,136 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Helen Hutchison Review.doc
[2009/12/21 12:55:22 | 00,041,984 | ---- | M] () -- C:\Users\HarrySpotter\Desktop\Personal_Assets_&_Liabilities_Form.xls
[2 C:\Users\HarrySpotter\Desktop\*.tmp files -> C:\Users\HarrySpotter\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 09:45:47 | 21,370,42944 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/30 15:54:05 | 00,022,016 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\risk stats for same.doc
[2009/12/23 11:43:48 | 00,019,456 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\2009 rev.doc
[2009/12/22 11:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 11:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:52:31 | 00,065,536 | -HS- | C] () -- C:\Users\HarrySpotter\ntuser.dat{ea387c29-eee1-11de-88ec-00219bce9094}.TM.blf
[2009/12/22 10:10:17 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:10:17 | 00,524,288 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:10:17 | 00,065,536 | -HS- | C] () -- C:\Users\HarrySpotter\NTUSER.DAT{680412c9-ee5d-11de-89d2-00219bce9094}.TM.blf
[2009/12/21 13:56:31 | 00,027,136 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\Helen Hutchison Review.doc
[2009/12/21 12:55:19 | 00,041,984 | ---- | C] () -- C:\Users\HarrySpotter\Desktop\Personal_Assets_&_Liabilities_Form.xls
[2009/03/11 10:10:26 | 00,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2009/03/11 10:10:26 | 00,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2009/03/11 10:10:26 | 00,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2008/10/27 11:15:29 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/27 11:15:29 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/07/28 14:03:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/28 13:23:22 | 00,000,096 | ---- | C] () -- C:\Users\HarrySpotter\AppData\Roaming\wklnhst.dat
[2008/07/28 12:29:08 | 00,033,792 | ---- | C] () -- C:\Users\HarrySpotter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 09:27:26 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/24 09:27:26 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/24 09:27:25 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/24 09:27:25 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/24 09:27:25 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/24 09:27:22 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/24 01:54:04 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 785 bytes -> C:\Users\HarrySpotter\Desktop\Pension Transfers.eml:OECustomProperty
@Alternate Data Stream - 737 bytes -> C:\Users\HarrySpotter\Desktop\webb sight.eml:OECustomProperty
< End of report >




OTL Extras logfile created on: 18/01/2010 09:36:14 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\HarrySpotter\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.11 Gb Total Space | 40.86 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PINKSTER
Current User Name: HarrySpotter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2660D8-0F57-4669-A5EF-D77C9EBE871A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17225752-D9BA-4CC8-BB43-EB71F7D2B560}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2555DBC0-13AB-4615-B159-61EA0A4F001F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F65AF46-2095-4858-AB67-FA85E88F30B9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6253386A-96FC-4AD4-A024-F23A4E71A12A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{633BAB80-CAA5-4570-B04C-8E9AEEFD8860}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71217344-AE8F-4AE4-A2C9-D2CEF56A64CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7641C009-20D3-4887-A9BB-E69CEA23FC40}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7CF8FE2A-A470-4AC0-8B11-8B256BD5E055}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{926FC141-4380-4A08-9374-B0925CE00655}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C47D6C6-0ACB-49FE-8E2D-57054C606F4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E875844-A4DC-410E-853B-D510A7FC2674}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FCDB09D-87AA-405A-8850-BB500D1DE7B2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF83C2D6-BACC-45F6-BF8A-5666F8EA6099}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB1FF0A4-A83E-4CA1-A53D-328DDD72447B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFFBDD0D-A4CE-4CF1-9CE2-5EF612717C54}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F63CD6AA-0BA4-4E02-866A-198653A89767}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA88150-C8E6-4B1F-BA44-4929046480A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0EF56FCE-3ED4-4317-84F9-5A13CF69B3AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B0A2BB0-A25D-4883-A512-817462D4FD12}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2E8F9C5B-1C6E-46CA-BEF1-C027ACA7E4F3}" = protocol=6 | dir=out | app=system |
"{311C8BA2-7568-4852-8816-CDE4155D7B78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{494FD5C5-C2EF-4394-B8CD-E324C06C13ED}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{5D48C7B2-2B2B-4093-8A3B-8E0516DDF925}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DA442B3-1DD6-43DA-980B-36EC8160C5FC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{86F0DD38-DD6A-47E0-AE6C-D6D6F75A26E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{874DB74F-0473-4469-A753-D9F2ACC841F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9465A3DB-B2B3-429F-9FED-AFFFDB3C1706}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{9473D946-2160-4724-906C-EFFF7A70CCE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97178620-E785-4D84-83C3-B28F0FF89209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DED17FF-58C2-485D-B503-F327E3D96B12}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{B994C60C-D3D2-4412-AA6B-05D4FF819001}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDE9DC65-8E2C-4882-BCFB-CDD29634A4DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD1F9B7C-7417-4D93-A72C-14A1D56142C8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E0354FE0-4718-4454-8551-81BD889C904F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1940216-4036-4AC7-BDC2-5A3038A61C50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5F44220-CE03-4F37-AE88-2EC4469369F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1130CB55-7507-4BC5-BC27-1AAD33F34E2A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{38B3D6CC-49AE-410B-A367-CDAE8DF2FC34}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{92AF424E-DB78-4F1C-9A77-24C0D2628D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A573B978-620C-433D-B848-BEA3BD13C560}C:\program files\sti\sterlingtraderpro\base.exe" = protocol=6 | dir=in | app=c:\program files\sti\sterlingtraderpro\base.exe |
"UDP Query User{46A80713-6F06-46B2-876C-31383E0ECA7D}C:\program files\sti\sterlingtraderpro\base.exe" = protocol=17 | dir=in | app=c:\program files\sti\sterlingtraderpro\base.exe |
"UDP Query User{733231D6-B9A6-4EBF-83F9-89D2CFB621FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{933B63E5-20F4-4A14-A7DA-F2B2359C16A6}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{99951CEE-ABD2-4C5A-9DA6-1D8BE74377BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3739840476-1799838778-598606433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 26/07/2009 06:10:28 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\HarrySpotter\AppData\Local\Temp\Temp2_mk acer desk.zip\unused icons\trigold\Saved\000000090001.RTF
failed, 00000026.

Error - 23/11/2009 10:12:35 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\MKFP-PC4\Desktop\Lead tracker.xls failed, 00000006.

Error - 17/01/2010 07:49:02 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 17/01/2010 07:49:02 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 17/01/2010 08:01:09 | Computer Name = Pinkster | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

[ Application Events ]
Error - 07/01/2010 12:06:29 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xd0c, application start time
0x01ca8fb35f2b415d.

Error - 07/01/2010 12:06:35 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1170, application start time
0x01ca8fb362c6dead.

Error - 07/01/2010 12:06:41 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1690, application start time
0x01ca8fb3664c0dcd.

Error - 07/01/2010 12:06:47 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x11c8, application start time
0x01ca8fb369d1d92d.

Error - 07/01/2010 12:06:53 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1688, application start time
0x01ca8fb36d6427ad.

Error - 07/01/2010 12:06:59 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xae8, application start time
0x01ca8fb370fb311d.

Error - 07/01/2010 12:07:05 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xe28, application start time
0x01ca8fb37483466d.

Error - 07/01/2010 12:07:11 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xe90, application start time
0x01ca8fb37810b2ed.

Error - 07/01/2010 12:07:17 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0xd54, application start time
0x01ca8fb37bb26abd.

Error - 07/01/2010 12:07:23 | Computer Name = Pinkster | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x924, application start time
0x01ca8fb37f5b005d.

[ Broadcom Wireless LAN Events ]
Error - 20/04/2009 07:33:05 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 12:33:04, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 20/04/2009 08:21:28 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 13:21:28, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 20/04/2009 08:26:43 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 13:26:43, Mon, Apr 20, 09 Error - Unable to gain access to user store


Error - 23/04/2009 12:08:32 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 17:08:32, Thu, Apr 23, 09 Error - Unable to gain access to user store


Error - 23/04/2009 12:13:46 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 17:13:46, Thu, Apr 23, 09 Error - Unable to gain access to user store


Error - 10/06/2009 04:27:46 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:27:46, Wed, Jun 10, 09 Error - Unable to gain access to user store


Error - 10/06/2009 04:33:01 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:33:01, Wed, Jun 10, 09 Error - Unable to gain access to user store


Error - 11/06/2009 04:09:12 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 09:09:11, Thu, Jun 11, 09 Error - Unable to gain access to user store


Error - 18/06/2009 11:18:18 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 16:18:18, Thu, Jun 18, 09 Error - Unable to gain access to user store


Error - 18/06/2009 11:23:33 | Computer Name = Pinkster | Source = WLAN-Tray | ID = 0
Description = 16:23:33, Thu, Jun 18, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 22/12/2009 06:09:30 | Computer Name = Pinkster | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 001644C95CF2 has been denied by the DHCP server 10.0.0.138 (The DHCP Server
sent a DHCPNACK message).

Error - 22/12/2009 06:09:36 | Computer Name = Pinkster | Source = HTTP | ID = 15016
Description =

Error - 22/12/2009 06:10:12 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:24 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:24 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:25 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:26 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:10:36 | Computer Name = Pinkster | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 22/12/2009 06:12:01 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =

Error - 22/12/2009 06:12:02 | Computer Name = Pinkster | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OLD GMER SCAN

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 13:45:49
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\HARRYS~1\AppData\Local\Temp\fgriapoc.sys
---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\iastor.sys entry point in ".rsrc" section [0x830D3024]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[364] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 02483C4D
.text C:\Windows\system32\Dwm.exe[364] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 02483B80
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0248FD69
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0248FC9C
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 0248FCFE
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 02494E8B
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0248FD2D
.text C:\Windows\system32\Dwm.exe[364] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 02494FC0
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 02497351
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 02497462
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 02497423
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 024973BB
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 02497400
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 02497373
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 0249732F
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 024973DD
.text C:\Windows\system32\Dwm.exe[364] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 02497397
.text C:\Windows\system32\Dwm.exe[364] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 0249106E
.text C:\Windows\system32\Dwm.exe[364] WS2_32.dll!WSASend 76974496 5 Bytes JMP 024910BF
.text C:\Windows\system32\Dwm.exe[364] WS2_32.dll!send 7697659B 5 Bytes JMP 024910A2
.text C:\Windows\system32\Dwm.exe[364] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 0248363A
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 015E3B80
.text C:\Windows\system32\svchost.exe[876] ole32.dll!CoCreateInstance 76DAE188 5 Bytes JMP 0093000A
.text C:\Windows\system32\vssvc.exe[1400] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 00B8313E
.text C:\Windows\system32\vssvc.exe[1400] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 00B83071
.text C:\Windows\system32\vssvc.exe[1400] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 00B8DF23
.text C:\Windows\system32\vssvc.exe[1400] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 00B8E058
.text C:\Windows\system32\vssvc.exe[1400] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 00B8C1A7
.text C:\Windows\system32\vssvc.exe[1400] WS2_32.dll!WSASend 76974496 5 Bytes JMP 00B8C1F8
.text C:\Windows\system32\vssvc.exe[1400] WS2_32.dll!send 7697659B 5 Bytes JMP 00B8C1DB
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 00B903E2
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 00B904F3
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 00B904B4
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 00B9044C
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 00B90491
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 00B90404
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 00B903C0
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 00B9046E
.text C:\Windows\system32\vssvc.exe[1400] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 00B90428
.text C:\Windows\system32\vssvc.exe[1400] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 00B82B30
.text C:\Program Files\DellTPad\Apntex.exe[2268] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01F73B80
.text C:\Program Files\DellTPad\Apntex.exe[2268] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01F7FD69
.text C:\Program Files\DellTPad\Apntex.exe[2268] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01F7FC9C
.text C:\Program Files\DellTPad\Apntex.exe[2268] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01F7FCFE
.text C:\Program Files\DellTPad\Apntex.exe[2268] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01F7FD2D
.text C:\Program Files\DellTPad\Apntex.exe[2268] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01F7363A
.text C:\Windows\system32\wuauclt.exe[2948] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01023B80
.text C:\Windows\system32\wuauclt.exe[2948] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0102FD69
.text C:\Windows\system32\wuauclt.exe[2948] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0102FC9C
.text C:\Windows\system32\wuauclt.exe[2948] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 0102FCFE
.text C:\Windows\system32\wuauclt.exe[2948] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0102FD2D
.text C:\Windows\system32\wuauclt.exe[2948] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 0102363A
.text C:\Windows\system32\rundll32.exe[3068] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 00B43C4D
.text C:\Windows\system32\rundll32.exe[3068] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 00B43B80
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 00B4FD69
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 00B4FC9C
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 00B4FCFE
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 00B54E8B
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 00B4FD2D
.text C:\Windows\system32\rundll32.exe[3068] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 00B54FC0
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 00B57351
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 00B57462
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 00B57423
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 00B573BB
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 00B57400
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 00B57373
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 00B5732F
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 00B573DD
.text C:\Windows\system32\rundll32.exe[3068] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 00B57397
.text C:\Windows\system32\rundll32.exe[3068] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 00B5106E
.text C:\Windows\system32\rundll32.exe[3068] WS2_32.dll!WSASend 76974496 5 Bytes JMP 00B510BF
.text C:\Windows\system32\rundll32.exe[3068] WS2_32.dll!send 7697659B 5 Bytes JMP 00B510A2
.text C:\Windows\system32\rundll32.exe[3068] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 00B4363A
.text C:\Windows\System32\igfxtray.exe[3112] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01D93B80
.text C:\Windows\System32\igfxtray.exe[3112] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01D9FD69
.text C:\Windows\System32\igfxtray.exe[3112] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01D9FC9C
.text C:\Windows\System32\igfxtray.exe[3112] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01D9FCFE
.text C:\Windows\System32\igfxtray.exe[3112] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01D9FD2D
.text C:\Windows\System32\igfxtray.exe[3112] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01D9363A
.text C:\Windows\System32\hkcmd.exe[3120] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01A03B80
.text C:\Windows\System32\hkcmd.exe[3120] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01A0FD69
.text C:\Windows\System32\hkcmd.exe[3120] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01A0FC9C
.text C:\Windows\System32\hkcmd.exe[3120] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01A0FCFE
.text C:\Windows\System32\hkcmd.exe[3120] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01A0FD2D
.text C:\Windows\System32\hkcmd.exe[3120] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01A0363A
.text C:\Windows\System32\igfxpers.exe[3128] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01E33B80
.text C:\Windows\System32\igfxpers.exe[3128] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01E3FD69
.text C:\Windows\System32\igfxpers.exe[3128] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01E3FC9C
.text C:\Windows\System32\igfxpers.exe[3128] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01E3FCFE
.text C:\Windows\System32\igfxpers.exe[3128] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01E3FD2D
.text C:\Windows\System32\igfxpers.exe[3128] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01E3363A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01CC3B80
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01CCFD69
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01CCFC9C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01CCFCFE
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01CCFD2D
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01CC363A
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01DF3B80
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01DFFD69
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01DFFC9C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01DFFCFE
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01DFFD2D
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3420] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01DF363A
.text C:\Program Files\DellTPad\HidFind.exe[3452] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01BB3B80
.text C:\Program Files\DellTPad\HidFind.exe[3452] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 01BBFD69
.text C:\Program Files\DellTPad\HidFind.exe[3452] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01BBFC9C
.text C:\Program Files\DellTPad\HidFind.exe[3452] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01BBFCFE
.text C:\Program Files\DellTPad\HidFind.exe[3452] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01BBFD2D
.text C:\Program Files\DellTPad\HidFind.exe[3452] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01BB363A
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 02013B80
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0201FD69
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0201FC9C
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 0201FCFE
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0201FD2D
.text C:\Program Files\Digital Line Detect\DLG.exe[3492] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 0201363A
.text C:\Windows\system32\igfxsrvc.exe[3512] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 02813B80
.text C:\Windows\system32\igfxsrvc.exe[3512] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0281FD69
.text C:\Windows\system32\igfxsrvc.exe[3512] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0281FC9C
.text C:\Windows\system32\igfxsrvc.exe[3512] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 0281FCFE
.text C:\Windows\system32\igfxsrvc.exe[3512] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0281FD2D
.text C:\Windows\system32\igfxsrvc.exe[3512] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 0281363A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 01AE3C4D
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01AE3B80
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!DefWindowProcA 765EF9E1 3 Bytes JMP 01AEFD69
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!DefWindowProcA + 4 765EF9E5 1 Byte [8B]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 01AEFC9C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 01AEFCFE
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 01AF4E8B
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 01AEFD2D
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 01AF4FC0
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 01AF7351
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 01AF7462
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 01AF7423
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 01AF73BB
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 01AF7400
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 01AF7373
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 01AF732F
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 01AF73DD
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 01AF7397
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 01AF106E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WS2_32.dll!WSASend 76974496 5 Bytes JMP 01AF10BF
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] WS2_32.dll!send 7697659B 5 Bytes JMP 01AF10A2
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4252] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 01AE363A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 03E83B80
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] user32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 03E8FD69
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] user32.dll!BeginPaint 765FA0C9 5 Bytes JMP 03E8FC9C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] user32.dll!EndPaint 765FA0DD 5 Bytes JMP 03E8FCFE
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] user32.dll!DefWindowProcW 766004BD 5 Bytes JMP 03E8FD2D
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] crypt32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 03E8363A
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 026A3C4D
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 026A3B80
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamW 765EBD25 5 Bytes JMP 6D7B067D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 026AFD69
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 026AFC9C
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 026AFCFE
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 026B4E8B
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 026AFD2D
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamW 76601FD5 5 Bytes JMP 6D7B0607 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 026B4FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamA 766280B2 5 Bytes JMP 6D7B0642 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamA 766283DD 5 Bytes JMP 6D7B06B8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectA 7663D471 5 Bytes JMP 6D7B05C3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectW 7663D56B 5 Bytes JMP 6D7B057F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExA 7663D5D1 5 Bytes JMP 6D7B0545 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExW 7663D5F5 5 Bytes JMP 6D7B050B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ole32.dll!OleLoadFromStream 76D79726 5 Bytes JMP 6D7B087A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 026B7351
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 026B7462
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 026B7423
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 026B73BB
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 026B7400
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 026B7373
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 026B732F
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 026B73DD
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 026B7397
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 026B106E
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WS2_32.dll!WSASend 76974496 5 Bytes JMP 026B10BF
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] WS2_32.dll!send 7697659B 5 Bytes JMP 026B10A2
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 026A363A
.text C:\Windows\System32\svchost.exe[4844] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 00A0313E
.text C:\Windows\System32\svchost.exe[4844] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 00A03071
.text C:\Windows\System32\svchost.exe[4844] user32.dll!TranslateMessage 76600069 5 Bytes JMP 00A0DF23
.text C:\Windows\System32\svchost.exe[4844] user32.dll!GetClipboardData 766270B2 5 Bytes JMP 00A0E058
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 00A103E2
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 00A104F3
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 00A104B4
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 00A1044C
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 00A10491
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 00A10404
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 00A103C0
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 00A1046E
.text C:\Windows\System32\svchost.exe[4844] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 00A10428
.text C:\Windows\System32\svchost.exe[4844] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 00A0C1A7
.text C:\Windows\System32\svchost.exe[4844] WS2_32.dll!WSASend 76974496 5 Bytes JMP 00A0C1F8
.text C:\Windows\System32\svchost.exe[4844] WS2_32.dll!send 7697659B 5 Bytes JMP 00A0C1DB
.text C:\Windows\System32\svchost.exe[4844] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 00A02B30
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 00203C4D
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 00203B80
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0020FD69
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0020FC9C
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!EndPaint 765FA0DD 5 Bytes JMP 0020FCFE
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!TranslateMessage 76600069 5 Bytes JMP 00214E8B
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0020FD2D
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] user32.dll!GetClipboardData 766270B2 5 Bytes JMP 00214FC0
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 00217351
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 00217462
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 00217423
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 002173BB
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 00217400
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 00217373
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 0021732F
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 002173DD
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 00217397
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 0021106E
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WS2_32.dll!WSASend 76974496 5 Bytes JMP 002110BF
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] WS2_32.dll!send 7697659B 5 Bytes JMP 002110A2
.text C:\Users\HarrySpotter\Desktop\gmer.exe[5508] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 0020363A
.text C:\Windows\system32\SearchIndexer.exe[5636] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 01653C4D
.text C:\Windows\system32\SearchIndexer.exe[5636] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 01653B80
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 0165FD72
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 0165FCA5
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 0165FD07
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 01664E94
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 0165FD36
.text C:\Windows\system32\SearchIndexer.exe[5636] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 01664FC9
.text C:\Windows\system32\SearchIndexer.exe[5636] CRYPT32.dll!PFXImportCertStore 75D9914C 3 Bytes JMP 0165363A
.text C:\Windows\system32\SearchIndexer.exe[5636] CRYPT32.dll!PFXImportCertStore + 4 75D99150 1 Byte [8B]
.text C:\Windows\system32\SearchIndexer.exe[5636] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 01661077
.text C:\Windows\system32\SearchIndexer.exe[5636] WS2_32.dll!WSASend 76974496 5 Bytes JMP 016610C8
.text C:\Windows\system32\SearchIndexer.exe[5636] WS2_32.dll!send 7697659B 5 Bytes JMP 016610AB
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 0166735A
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 0166746B
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 0166742C
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 016673C4
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 01667409
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 0166737C
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 01667338
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 016673E6
.text C:\Windows\system32\SearchIndexer.exe[5636] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 016673A0
.text C:\Windows\system32\svchost.exe[5948] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 008D313E
.text C:\Windows\system32\svchost.exe[5948] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 008D3071
.text C:\Windows\system32\svchost.exe[5948] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 008DDF23
.text C:\Windows\system32\svchost.exe[5948] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 008DE058
.text C:\Windows\system32\svchost.exe[5948] ws2_32.dll!closesocket 7697330C 5 Bytes JMP 008DC1A7
.text C:\Windows\system32\svchost.exe[5948] ws2_32.dll!WSASend 76974496 5 Bytes JMP 008DC1F8
.text C:\Windows\system32\svchost.exe[5948] ws2_32.dll!send 7697659B 5 Bytes JMP 008DC1DB
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 008E03E2
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 008E04F3
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 008E04B4
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 008E044C
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 008E0491
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 008E0404
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 008E03C0
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 008E046E
.text C:\Windows\system32\svchost.exe[5948] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 008E0428
.text C:\Windows\system32\svchost.exe[5948] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 008D2B30
.text C:\Windows\Explorer.EXE[6040] ntdll.dll!NtQueryDirectoryFile 77CE89E8 5 Bytes JMP 02F83C4D
.text C:\Windows\Explorer.EXE[6040] ntdll.dll!NtCreateUserProcess 77CE9438 5 Bytes JMP 02F83B80
.text C:\Windows\Explorer.EXE[6040] USER32.dll!DefWindowProcA 765EF9E1 5 Bytes JMP 02F8FD69
.text C:\Windows\Explorer.EXE[6040] USER32.dll!BeginPaint 765FA0C9 5 Bytes JMP 02F8FC9C
.text C:\Windows\Explorer.EXE[6040] USER32.dll!EndPaint 765FA0DD 5 Bytes JMP 02F8FCFE
.text C:\Windows\Explorer.EXE[6040] USER32.dll!TranslateMessage 76600069 5 Bytes JMP 02F94E8B
.text C:\Windows\Explorer.EXE[6040] USER32.dll!DefWindowProcW 766004BD 5 Bytes JMP 02F8FD2D
.text C:\Windows\Explorer.EXE[6040] USER32.dll!GetClipboardData 766270B2 5 Bytes JMP 02F94FC0
.text C:\Windows\Explorer.EXE[6040] WININET.dll!HttpSendRequestA 76510F35 5 Bytes JMP 02F97351
.text C:\Windows\Explorer.EXE[6040] WININET.dll!HttpQueryInfoA 765193B9 5 Bytes JMP 02F97462
.text C:\Windows\Explorer.EXE[6040] WININET.dll!InternetCloseHandle 7651AE0B 5 Bytes JMP 02F97423
.text C:\Windows\Explorer.EXE[6040] WININET.dll!InternetReadFile 7651EE5F 5 Bytes JMP 02F973BB
.text C:\Windows\Explorer.EXE[6040] WININET.dll!InternetQueryDataAvailable 76524773 5 Bytes JMP 02F97400
.text C:\Windows\Explorer.EXE[6040] WININET.dll!HttpSendRequestExW 765262C4 5 Bytes JMP 02F97373
.text C:\Windows\Explorer.EXE[6040] WININET.dll!HttpSendRequestW 7652BBCC 5 Bytes JMP 02F9732F
.text C:\Windows\Explorer.EXE[6040] WININET.dll!InternetReadFileExA 76530E8C 5 Bytes JMP 02F973DD
.text C:\Windows\Explorer.EXE[6040] WININET.dll!HttpSendRequestExA 7657B1BE 5 Bytes JMP 02F97397
.text C:\Windows\Explorer.EXE[6040] WS2_32.dll!closesocket 7697330C 5 Bytes JMP 02F9106E
.text C:\Windows\Explorer.EXE[6040] WS2_32.dll!WSASend 76974496 5 Bytes JMP 02F910BF
.text C:\Windows\Explorer.EXE[6040] WS2_32.dll!send 7697659B 5 Bytes JMP 02F910A2
.text C:\Windows\Explorer.EXE[6040] CRYPT32.dll!PFXImportCertStore 75D9914C 5 Bytes JMP 02F8363A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C729B1
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C728DF
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C72947
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C72F24
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00C72C6A
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00C72F24
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00C729B1
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00C72C6A
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00C72F24
IAT C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 00C729B1
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00020002
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00020000
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 000929B1
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000929B1
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000928DF
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00092947
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00092F24
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00092C6A
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00092F24
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 000929B1
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00092C6A
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00092F24
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 000929B1
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000C29B1
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000C28DF
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000C2947
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 000C2947
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 000C2947
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 000C28DF
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 000C29B1
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000C2F24
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 000C2C6A
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 000C2F24
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 000C2C6A
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 000C2F24
IAT C:\Windows\system32\lsass.exe[684] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 000C29B1
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001529B1
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001528DF
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00152947
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00152F24
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00152C6A
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00152F24
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00152C6A
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00152F24
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 001529B1
IAT C:\Windows\system32\lsm.exe[692] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 001529B1
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A229B1
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A228DF
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A22947
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A22F24
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00A22C6A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00A22F24
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00A229B1
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00A22C6A
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00A22F24
IAT C:\Windows\system32\svchost.exe[956] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 00A229B1
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 012129B1
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 012128DF
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01212947
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01212F24
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01212C6A
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01212F24
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01212C6A
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01212F24
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 012129B1
IAT C:\Windows\System32\svchost.exe[992] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 012129B1
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009129B1
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009128DF
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00912947
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00912F24
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00912C6A
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00912F24
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009129B1
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00912C6A
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00912F24
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 009129B1
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EF29B1
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EF28DF
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EF2947
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00EF2F24
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00EF2C6A
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00EF2F24
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00EF29B1
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00EF2C6A
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00EF2F24
IAT C:\Windows\System32\svchost.exe[1152] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00EF29B1
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A829B1
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A828DF
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A82947
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A82F24
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00A82C6A
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00A82F24
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00A829B1
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A82C6A
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A82F24
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00A829B1
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003A29B1
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003A28DF
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A2947
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 003A29B1
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 003A2F24
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 003A2C6A
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 003A2F24
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 003A2C6A
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 003A2F24
IAT C:\Windows\system32\SLsvc.exe[1336] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 003A29B1
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006E29B1
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006E28DF
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006E2947
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 006E2F24
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 006E2C6A
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 006E2F24
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 006E29B1
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 006E2C6A
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 006E2F24
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 006E29B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009529B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009528DF
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00952947
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00952F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00952C6A
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00952F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 009529B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00952C6A
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00952F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1492] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009529B1
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008C29B1
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008C28DF
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008C2947
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008C2F24
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008C2C6A
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008C2F24
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 008C2C6A
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 008C2F24
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008C29B1
IAT C:\Windows\system32\aestsrv.exe[1512] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008C29B1
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 013529B1
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 013528DF
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01352947
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01352F24
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01352C6A
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01352F24
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 013529B1
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01352C6A
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01352F24
IAT C:\Windows\system32\svchost.exe[1544] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 013529B1
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E29B1
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E28DF
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E2947
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 009E2F24
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 009E2C6A
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 009E2F24
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 009E2C6A
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 009E2F24
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 009E29B1
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009E29B1
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 002A29B1
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 002A28DF
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002A2947
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 002A2F24
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 002A2C6A
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 002A2F24
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 002A29B1
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 002A2C6A
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 002A2F24
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 002A29B1
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtQueryDirectoryFile] 044929B1
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!LdrGetProcedureAddress] 044928DF
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!LdrLoadDll] 04492947
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 04492F24
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 04492C6A
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 04492F24
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 044929B1
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 04492C6A
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 04492F24
IAT C:\Windows\System32\bcmwltry.exe[1676] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 044929B1
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01EB29B1
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01EB28DF
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01EB2947
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01EB2F24
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01EB2C6A
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01EB2F24
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 01EB29B1
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01EB2C6A
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01EB2F24
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 01EB29B1
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008428DF
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00842947
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00842C6A
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00842C6A
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008428DF
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00842947
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00842C6A
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00842C6A
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00842F24
IAT C:\Windows\system32\svchost.exe[2140] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008429B1
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A329B1
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A328DF
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A32947
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00A32C6A
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00A32F24
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A32F24
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00A32C6A
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00A32F24
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 00A329B1
IAT C:\Windows\system32\STacSV.exe[2216] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00A329B1
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01AC29B1
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01AC28DF
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01AC2947
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01AC2F24
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01AC2C6A
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01AC2F24
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01AC2C6A
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01AC2F24
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 01AC29B1
IAT C:\Program Files\DellTPad\Apntex.exe[2268] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 01AC29B1
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00AC29B1
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AC28DF
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AC2947
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00AC2F24
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00AC2C6A
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00AC2F24
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00AC2C6A
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00AC2F24
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00AC29B1
IAT C:\Windows\system32\svchost.exe[2276] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00AC29B1
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008F29B1
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008F28DF
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008F2947
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008F2F24
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008F2C6A
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008F2F24
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008F2C6A
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 008F2F24
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 008F29B1
IAT C:\Windows\System32\svchost.exe[2312] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008F29B1
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009029B1
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009028DF
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00902947
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00902C6A
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00902F24
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00902F24
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00902C6A
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00902F24
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 009029B1
IAT C:\Windows\system32\DRIVERS\xaudio.exe[2552] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 009029B1
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003129B1
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003128DF
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00312947
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00312C6A
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00312F24
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00312F24
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00312C6A
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00312F24
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 003129B1
IAT C:\Windows\system32\wuauclt.exe[2948] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 003129B1
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C629B1
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C628DF
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C62947
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C62C6A
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C62F24
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00C629B1
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C62F24
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00C62C6A
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00C62F24
IAT C:\Windows\system32\taskeng.exe[3072] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00C629B1
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 019229B1
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 019228DF
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01922947
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01922C6A
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01922F24
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01922C6A
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01922F24
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 019229B1
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01922F24
IAT C:\Windows\System32\igfxtray.exe[3112] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 019229B1
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01B729B1
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01B728DF
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01B72947
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01B72C6A
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01B72F24
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01B72C6A
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01B72F24
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 01B729B1
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01B72F24
IAT C:\Windows\System32\hkcmd.exe[3120] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 01B729B1
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 015929B1
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 015928DF
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01592947
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01592C6A
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01592F24
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01592F24
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 01592C6A
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 01592F24
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 015929B1
IAT C:\Windows\System32\igfxpers.exe[3128] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 015929B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 016629B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 016628DF
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01662947
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01662F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01662C6A
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01662F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 016629B1
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01662C6A
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01662F24
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3152] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 016629B1
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FE29B1
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FE28DF
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FE2947
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00FE2C6A
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00FE2F24
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 00FE29B1
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FE2F24
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FE2C6A
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FE2F24
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3364] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 00FE29B1
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008A29B1
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008A28DF
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008A2947
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008A2F24
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008A2C6A
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008A2F24
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 008A2C6A
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 008A2F24
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008A29B1
IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3420] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008A29B1
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008B29B1
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008B28DF
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008B2947
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 008B2C6A
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 008B2F24
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008B2F24
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 008B2C6A
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 008B2F24
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 008B29B1
IAT C:\Program Files\DellTPad\HidFind.exe[3452] @ C:\Windows\system32\ws2_32.dll [ntdll.dll!NtQueryDirectoryFile] 008B29B1
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01B029B1
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01B028DF
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01B02947
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01B02C6A
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01B02F24
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] 01B029B1
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01B02F24
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 01B029B1
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01B02C6A
IAT C:\Program Files\Digital Line Detect\DLG.exe[3492] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 01B02F24
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 005D29B1
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 005D28DF
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 005D2947
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 005D2C6A
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 005D2F24
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 005D2F24
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 005D29B1
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 005D2C6A
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 005D2F24
IAT C:\Windows\system32\igfxsrvc.exe[3512] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 005D29B1
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004729B1
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004728DF
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00472947
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 004729B1
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00472C6A
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00472F24
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00472F24
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 00472C6A
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 00472F24
IAT C:\Windows\System32\alg.exe[3716] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 004729B1
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 029E29B1
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 029E28DF
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 029E2947
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 029E2C6A
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\ole32.dll [USER32.dll!TranslateMessage] 029E2F24
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 029E2F24
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\shell32.dll [USER32.dll!GetClipboardData] 029E2C6A
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\shell32.dll [USER32.dll!TranslateMessage] 029E2F24
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtQueryDirectoryFile] 029E29B1
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[4256] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!NtQueryDirectoryFile] 029E29B1

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 855FB618

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iastor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
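A triage script for GMER output of the kind posted above, added here as an example and not part of the thread or of GMER itself: it parses the IAT hook lines and the Devices/Files sections, then reports functions hooked across many processes, hook targets that share one page offset in every process (a heuristic for one injected image mapped at a per-process base), and files GMER flagged. The sample log is a constructed excerpt of a few lines in the format shown above.

```python
import re
from collections import defaultdict

# GMER "IAT" hook line:  IAT <process>[<pid>] @ <module> [<dll>!<function>] <hook addr>
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<addr>[0-9A-Fa-f]{8})$"
)
# "File <path> suspicious modification" and "Device -> <driver> <device> <addr>" lines
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
DEVICE_RE = re.compile(
    r"^Device\s+->\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})$"
)

# Constructed sample: a few lines in the format of the GMER log above.
SAMPLE_LOG = r"""
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E29B1
IAT C:\Windows\System32\WLTRYSVC.EXE[1656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E2947
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 002A29B1
IAT C:\Windows\system32\WLANExt.exe[1664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002A2947
IAT C:\Windows\System32\spoolsv.exe[2020] @ C:\Windows\system32\ole32.dll [USER32.dll!GetClipboardData] 01EB2C6A

---- Devices - GMER 1.0.15 ----

Device -> \Driver\iaStor \Device\Harddisk0\DR0 855FB618

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iastor.sys suspicious modification
"""


def parse_gmer(text):
    """Split a GMER log into IAT hooks, flagged files and hooked devices."""
    hooks, files, devices = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            hooks.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.group("path"))
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append(m.groupdict())
    return {"hooks": hooks, "files": files, "devices": devices}


def summarize(parsed):
    """Index hooks by hooked function (-> pids) and by process (-> functions)."""
    by_func = defaultdict(set)
    by_proc = defaultdict(set)
    for h in parsed["hooks"]:
        key = f"{h['dll']}!{h['func']}"
        by_func[key].add(int(h["pid"]))
        by_proc[(h["proc"], int(h["pid"]))].add(key)
    return by_func, by_proc


def shared_page_offsets(hooks):
    """Page offset (low 12 bits) of each function's hook targets across processes.
    One shared offset in many processes is consistent with a single injected image
    mapped at a different base in each process (heuristic, not proof)."""
    offsets = defaultdict(set)
    for h in hooks:
        offsets[f"{h['dll']}!{h['func']}"].add(int(h["addr"], 16) & 0xFFF)
    return offsets


def triage(text, min_procs=2):
    """Return the indicators a helper would look at first in a GMER log."""
    parsed = parse_gmer(text)
    by_func, by_proc = summarize(parsed)
    offsets = shared_page_offsets(parsed["hooks"])
    widespread = {f: sorted(p) for f, p in by_func.items() if len(p) >= min_procs}
    shared = {f: next(iter(o)) for f, o in offsets.items()
              if len(o) == 1 and len(by_func[f]) >= min_procs}
    return {
        "hooked_processes": len(by_proc),
        "widespread_hooks": widespread,
        "shared_offset_hooks": shared,
        "suspicious_files": parsed["files"],
        "attached_devices": [d["device"] for d in parsed["devices"]],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"processes with IAT hooks: {result['hooked_processes']}")
    for func, pids in result["widespread_hooks"].items():
        print(f"  {func} hooked in pids {pids}")
    for func, off in result["shared_offset_hooks"].items():
        print(f"  {func}: all hook targets at page offset 0x{off:03x}")
    for path in result["suspicious_files"]:
        print(f"  flagged file: {path}")
    for dev in result["attached_devices"]:
        print(f"  hooked device object: {dev}")
```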

#8 myrti
  • Malware Study Hall Admin
Posted 18 January 2010 - 08:45 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#9 harryspotter
  • Topic Starter
Posted 18 January 2010 - 09:39 AM

Combofix did say avast was still running; however, I had turned it off.



ComboFix 10-01-17.02 - HarrySpotter 18/01/2010 14:16:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1003 [GMT 0:00]
Running from: c:\users\HarrySpotter\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 090128-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3739840476-1799838778-598606433-500
c:\windows\run.log
c:\windows\system32\oem7.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-18 14:25 . 2010-01-18 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-18 14:08 . 2010-01-18 14:26 -------- d-----w- c:\users\HarrySpotter\AppData\Local\temp
2010-01-18 09:33 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-18 09:33 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-18 09:33 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-17 19:02 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 19:02 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-25 01:30 . 2009-12-25 01:30 -------- d-----w- c:\programdata\WindowsSearch
2009-12-23 20:29 . 2009-12-23 20:29 -------- d-----w- c:\program files\TrendMicro
2009-12-23 19:45 . 2009-12-23 19:45 -------- d-----w- c:\programdata\CA
2009-12-23 16:58 . 2009-12-23 16:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-23 16:57 . 2009-12-23 16:57 -------- d-----w- c:\users\HarrySpotter\AppData\Roaming\Malwarebytes
2009-12-23 16:57 . 2009-12-23 16:57 -------- d-----w- c:\programdata\Malwarebytes
2009-12-20 23:13 . 2009-12-20 23:14 -------- d-----w- c:\program files\QuickTime
2009-12-20 23:12 . 2009-12-20 23:12 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 23:11 . 2009-12-20 23:11 -------- d-----w- c:\users\HarrySpotter\AppData\Local\Apple
2009-12-20 23:11 . 2009-12-20 23:11 -------- d-----w- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 14:24 . 2009-10-05 09:19 -------- d-----w- c:\users\HarrySpotter\AppData\Roaming\Skype
2010-01-18 13:08 . 2009-10-05 09:22 -------- d-----w- c:\users\HarrySpotter\AppData\Roaming\skypePM
2010-01-18 10:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 22:11 . 2009-10-21 10:33 -------- d-----w- c:\program files\Trusteer
2010-01-04 16:11 . 2008-06-24 01:55 -------- d-----w- c:\program files\Google
2009-11-02 20:42 . 2009-10-05 08:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-27 09:51 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-10 19:17 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-10 19:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-10 19:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-06-24 01:48 . 2008-06-24 01:48 76 --sh--r- c:\windows\CT4CET.bin
2008-06-24 09:26 . 2008-06-24 09:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Google Update"="c:\users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-06-24 77824]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-24 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-24 02:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/01/2009 15:58 114768]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [06/10/2009 13:42 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/10/2009 13:42 334440]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [24/06/2008 01:33 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/01/2009 15:58 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/01/2009 15:57 51792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/10/2009 13:42 972008]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [24/06/2008 09:27 111616]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/06/2008 01:55 30192]
.
Contents of the 'Scheduled Tasks' folder

2009-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3739840476-1799838778-598606433-1000Core.job
- c:\users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-07 12:07]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3739840476-1799838778-598606433-1000UA.job
- c:\users\HarrySpotter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-07 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 14:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4516)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
Completion time: 2010-01-18 14:28:55
ComboFix-quarantined-files.txt 2010-01-18 14:28

Pre-Run: 46,655,508,480 bytes free
Post-Run: 47,907,295,232 bytes free

- - End Of File - - 08A6C390447E2A2BAA2BAEFB0EEAB4F1

#10 myrti

Posted 19 January 2010 - 09:55 AM

Hi,

ComboFix seems not to see the infection; please run TDSSKiller instead:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.
Did you get any popups from your antivirus saying it detected or cleaned some infection?

regards myrti



#11 harryspotter


Posted 19 January 2010 - 10:57 AM

Hi

Don't remember the antivirus giving any warnings.

15:54:06:129 4556 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
15:54:06:130 4556 ================================================================================
15:54:06:130 4556 SystemInfo:

15:54:06:130 4556 OS Version: 6.0.6001 ServicePack: 1.0
15:54:06:130 4556 Product type: Workstation
15:54:06:130 4556 ComputerName: PINKSTER
15:54:06:130 4556 UserName: HarrySpotter
15:54:06:130 4556 Windows directory: C:\Windows
15:54:06:130 4556 Processor architecture: Intel x86
15:54:06:130 4556 Number of processors: 2
15:54:06:130 4556 Page size: 0x1000
15:54:06:132 4556 Boot type: Normal boot
15:54:06:132 4556 ================================================================================
15:54:06:135 4556 UnloadDriverW: NtUnloadDriver error 2
15:54:06:135 4556 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:54:06:137 4556 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
15:54:06:175 4556 UtilityInit: KLMD drop and load success
15:54:06:175 4556 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
15:54:06:175 4556 UtilityInit: KLMD open success
15:54:06:175 4556 UtilityInit: Initialize success
15:54:06:175 4556
15:54:06:175 4556 Scanning Services ...
15:54:06:175 4556 CreateRegParser: Registry parser init started
15:54:06:175 4556 CreateRegParser: DisableWow64Redirection error
15:54:06:175 4556 wfopen_ex: Trying to open file C:\Windows\system32\config\system
15:54:06:175 4556 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
15:54:06:175 4556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:54:06:175 4556 wfopen_ex: Trying to KLMD file open
15:54:06:175 4556 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
15:54:06:176 4556 wfopen_ex: File opened ok (Flags 2)
15:54:06:221 4556 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 3B6AD8
15:54:06:221 4556 wfopen_ex: Trying to open file C:\Windows\system32\config\software
15:54:06:221 4556 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
15:54:06:221 4556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:54:06:221 4556 wfopen_ex: Trying to KLMD file open
15:54:06:221 4556 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
15:54:06:222 4556 wfopen_ex: File opened ok (Flags 2)
15:54:06:222 4556 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 3B6B00
15:54:06:222 4556 CreateRegParser: EnableWow64Redirection error
15:54:06:222 4556 CreateRegParser: RegParser init completed
15:54:06:620 4556 GetAdvancedServicesInfo: Raw services enum returned 424 services
15:54:06:624 4556 fclose_ex: Trying to close file C:\Windows\system32\config\system
15:54:06:624 4556 fclose_ex: Trying to close file C:\Windows\system32\config\software
15:54:06:625 4556
15:54:06:625 4556 Scanning Kernel memory ...
15:54:06:625 4556 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
15:54:06:625 4556 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86146150
15:54:06:625 4556 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
15:54:06:625 4556
15:54:06:625 4556 DetectCureTDL3: DEVICE_OBJECT: 86716420
15:54:06:625 4556 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86716420
15:54:06:625 4556 DetectCureTDL3: DEVICE_OBJECT: 85603030
15:54:06:625 4556 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85603030
15:54:06:625 4556 KLMD_ReadMem: Trying to ReadMemory 0x85603030[0x38]
15:54:06:625 4556 DetectCureTDL3: DRIVER_OBJECT: 855F8908
15:54:06:625 4556 KLMD_ReadMem: Trying to ReadMemory 0x855F8908[0xA8]
15:54:06:626 4556 KLMD_ReadMem: Trying to ReadMemory 0x855D9108[0x1C]
15:54:06:626 4556 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
15:54:06:626 4556 DetectCureTDL3: IrpHandler (0) addr: 83443818
15:54:06:626 4556 DetectCureTDL3: IrpHandler (1) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (2) addr: 83443818
15:54:06:626 4556 DetectCureTDL3: IrpHandler (3) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (4) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (5) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (6) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (7) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (8) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (9) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (10) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (11) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (12) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (13) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (14) addr: 83441132
15:54:06:626 4556 DetectCureTDL3: IrpHandler (15) addr: 8343E918
15:54:06:626 4556 DetectCureTDL3: IrpHandler (16) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (17) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (18) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (19) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (20) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (21) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (22) addr: 8343AAB4
15:54:06:626 4556 DetectCureTDL3: IrpHandler (23) addr: 8343A07C
15:54:06:626 4556 DetectCureTDL3: IrpHandler (24) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (25) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (26) addr: 8265BFE3
15:54:06:626 4556 TDL3_FileDetect: Processing driver: iaStor
15:54:06:626 4556 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\iastor.sys
15:54:06:626 4556 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\iastor.sys
15:54:06:646 4556 TDL3_FileDetect: C:\Windows\system32\drivers\iastor.sys - Verdict: Clean
15:54:06:646 4556
15:54:06:646 4556 Completed
15:54:06:647 4556
15:54:06:647 4556 Results:
15:54:06:647 4556 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:54:06:647 4556 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:54:06:648 4556 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:54:06:648 4556
15:54:06:649 4556 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
15:54:06:650 4556 UtilityDeinit: KLMD(ARK) unloaded successfully
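As an added example (not part of this thread and not code from TDSSKiller), a small Python parser for log output in the layout pasted above: it follows the DetectCureTDL3 walk down the \Driver\Disk device stack, collects the IRP handler table of the lowest driver, and pulls out the file verdict and the infected / cured / cured-on-reboot counters so a helper can triage a pasted log quickly. The embedded sample lines are constructed in that layout; the regexes and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt in the TDSSKiller 2.x log layout (timestamp, thread id, message).
SAMPLE_LOG = """\
15:54:06:625 4556 DetectCureTDL3: \\Driver\\Disk PDRIVER_OBJECT: 86146150
15:54:06:625 4556 DetectCureTDL3: DEVICE_OBJECT: 86716420
15:54:06:625 4556 DetectCureTDL3: DEVICE_OBJECT: 85603030
15:54:06:626 4556 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\iaStor, Driver Name: iaStor
15:54:06:626 4556 DetectCureTDL3: IrpHandler (0) addr: 83443818
15:54:06:626 4556 DetectCureTDL3: IrpHandler (1) addr: 8265BFE3
15:54:06:626 4556 DetectCureTDL3: IrpHandler (2) addr: 83443818
15:54:06:626 4556 DetectCureTDL3: IrpHandler (3) addr: 8265BFE3
15:54:06:646 4556 TDL3_FileDetect: C:\\Windows\\system32\\drivers\\iastor.sys - Verdict: Clean
15:54:06:647 4556 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:54:06:648 4556 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s*(.*)$")
DEVOBJ_RE = re.compile(r"DEVICE_OBJECT: ([0-9A-Fa-f]+)")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\S+)")
RESULT_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")

@dataclass
class TdssSummary:
    device_stack: list = field(default_factory=list)  # DEVICE_OBJECT addresses, top to bottom
    lowest_driver: str = ""                            # driver owning the lowest device object
    irp_handlers: dict = field(default_factory=dict)   # IRP major function index -> handler address
    file_verdicts: dict = field(default_factory=dict)  # driver file path -> verdict
    results: dict = field(default_factory=dict)        # object class -> (infected, cured, on reboot)

def parse_tdsskiller_log(text):
    """One pass over the log: device-stack walk, IRP table, file verdicts and totals."""
    s = TdssSummary()
    for raw in text.splitlines():
        if not (m := LINE_RE.match(raw)):
            continue  # not a timestamped log line
        msg = m.group(1)
        if (d := DEVOBJ_RE.search(msg)):
            s.device_stack.append(d.group(1).upper())
        elif (d := DRIVER_RE.search(msg)):
            s.lowest_driver = d.group(2)
        elif (d := IRP_RE.search(msg)):
            s.irp_handlers[int(d.group(1))] = d.group(2).upper()
        elif (d := VERDICT_RE.search(msg)):
            s.file_verdicts[d.group(1)] = d.group(2)
        elif (d := RESULT_RE.search(msg)):
            s.results[d.group(1)] = tuple(int(x) for x in d.group(2, 3, 4))
    return s

def handler_histogram(summary):
    """How many IRP major functions share each handler address: a disk miniport normally
    shows one catch-all address for unsupported IRPs plus a few real handlers."""
    return Counter(summary.irp_handlers.values())

def is_clean(summary):
    """True when totals were recorded, every file verdict is Clean and every counter is 0."""
    return (bool(summary.results)
            and all(v == "Clean" for v in summary.file_verdicts.values())
            and all(c == (0, 0, 0) for c in summary.results.values()))
```

The parser only tabulates the handler addresses; deciding whether each one lies inside the driver's own image is the check behind the tool's verdict, which the parser reports as given.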

#12 myrti


Posted 19 January 2010 - 12:57 PM

Hi,

Could you please get me a new scan from GMER? Are you still getting redirected? Did you run ComboFix twice?

regards myrti



#13 harryspotter


Posted 20 January 2010 - 11:19 AM

Hi, every time I run GMER it takes all day, freezes or shuts down the PC.

#14 myrti


Posted 20 January 2010 - 03:42 PM

Hi,

Please run a scan with mbr instead, then:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
Please also answer my other questions.

regards myrti



#15 harryspotter


Posted 21 January 2010 - 04:59 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll i8042prt.sys kbdclass.sys ntkrnlpa.exe
kernel: MBR read successfully
user & kernel MBR OK

Not getting redirected.
Did run it twice in error.
