mbam-setup won't install mbam.exe, a few issues... [Solved]
CoffeeBreath
post Oct 26 2009, 08:55 AM
Post #1


Member
**
Posts: 13
OS: win xp, but mostly linux



Howdy,

Got the pornotube.com stuff on the desktop and notices about a few different trojan infections. What I've done:

- Ran TFC, it deleted 900M + of stuff. Afterwards firefox won't work but at least the porn desktop links are gone :-)

- Ran SysRestorePoint, but it gives a popup that restore point creation failed (and yet the status window says it succeeded)

- Ran ERUNT and it successfully created the registry backup

- Tried to install MBAM, but the installer won't create mbam.exe in the install directory. Tried installing to different locations, and renaming the installer as I downloaded it to no avail.

- Skipped windows update thinking I shouldn't bother while the system is infected

- Reboots don't change how any of these steps act.

I'm attaching the RootRepeal log, and the OTL OTL.Txt and Extras.Txt.

Any help greatly appreciated!

Thanks,
Steve.
Attached File(s)
Attached File  RootRepeal_report_10_25_09__22_42_13_.txt ( 6.71K ) Number of downloads: 57
Attached File  OTL.Txt ( 108.53K ) Number of downloads: 44
Attached File  Extras.Txt ( 55.59K ) Number of downloads: 37
 
CoffeeBreath
post Oct 27 2009, 09:17 PM
Post #2





A further update:

I was able to get mbam.exe installed by installing and updating it on another computer and copying it over to the bad one. I used a private web server to download it, so no worries about infecting any media... :-)

It ran and identified a number of trojans and bad registry settings, which I told it to remove (log attached).

After a reboot, I'm unable to re-launch the mbam executable I copied ("Error code: 707(3,0)"), and a new attempt to install it still fails to create mbam.exe, so there still seem to be issues.

I've re-run TFC, rootrepeal and OTL (new logs attached). Note that OTL didn't create an Extras.txt file this time (and I ran it again just to be sure).

Another symptom I've noticed is that when I attempt to run firefox it says "Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system." Of course restarting the system doesn't seem to change that; upgrading firefox to 3.5.4 also didn't help. Hopefully when we get the rest of the gunk cleaned out that'll start working again too... :-)

Thanks for any help you can provide!
Steve.
Attached File(s)
Attached File  mbam_log_2009_10_27__18_33_15_.txt ( 7.71K ) Number of downloads: 14
Attached File  OTL.Txt ( 113.62K ) Number of downloads: 8
Attached File  RootRepeal_report_10_27_09__23_04_43_.txt ( 4.19K ) Number of downloads: 9
 
piano9playa5
post Oct 30 2009, 04:09 PM
Post #3


GeekU Senior
Posts: 1,241
OS: XP Home



Hello! Welcome to GeekstoGo! I'm piano9playa5 and will be assisting you with your malware problems. If you have any questions, ask away! Just a few tips to make things go smoothly:
  • Please be patient. There may be delays in between my posts, as I must check everything with a moderator before posting.
  • Don't run tools you see being used in another topic. Running tools unsupervised can be dangerous.
  • Copy\Paste logs in your replies, rather than attaching them, unless I instruct you to do otherwise. This makes things easier for me, and the moderator looking over this topic.


I know you are trying to be helpful, but please don't attach files unless I ask you to. We prefer you to open, and Copy\Paste the contents here.

I'll post back some instructions shortly.




This post has been edited by piano9playa5: Oct 30 2009, 04:10 PM
 
CoffeeBreath
post Oct 30 2009, 04:58 PM
Post #4





Sounds good, thanks, I thought I had read through the instructions properly but missed the part about cut&paste instead of attach... Oh well now I know :-)
 
piano9playa5
post Oct 30 2009, 05:01 PM
Post #5





Hello. No problem.

The logs are a little old. I want to make sure that I have a few different logs and a fresh look at the system before proceeding...



Step One
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program.
  • Check the box that says Scan All Users
  • Check the box that says 64 bit
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post. It's usually located on the Desktop.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post




Step Two
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
 
CoffeeBreath
post Oct 30 2009, 06:25 PM
Post #6





OTS log here:

Attached File  OTS.Txt ( 215.35K ) Number of downloads: 6


And the GMER log is here:

IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1580] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\hphmon03.exe[1608] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405A4D
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004059E8
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004059B6
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\RunDll32.exe[1640] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\iPod\bin\iPodService.exe[1652] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1668] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\VM_STI.EXE[1692] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\CTsvcCDA.EXE[1700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075B01
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00075A4D
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000759E8
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000759B6
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075B01
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0007947D
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0007941E
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 000793C1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00076062
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00079448
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00075DBA
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0007947D
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00079448
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00076062
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0007941E
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 000793C1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00075DBA
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00079448
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00076062
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1728] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0007947D
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE[1836] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1896] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1960] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\Explorer.exe [USER32.dll!TranslateMessage] 02366062
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\Explorer.exe [USER32.dll!BeginPaint] 023693C1
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\Explorer.exe [USER32.dll!EndPaint] 0236941E
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\Explorer.exe [USER32.dll!DefWindowProcW] 02369448
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02365B01
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 02365A4D
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 023659E8
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 023659B6
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 02365DBA
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 02369448
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 02366062
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0236947D
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 02369448
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 02366062
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0236941E
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 023693C1
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0236947D
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0236947D
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0236941E
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 023693C1
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 02366062
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 02369448
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 02365DBA
IAT C:\WINDOWS\Explorer.exe[1992] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02365B01
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405A4D
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004059E8
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004059B6
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\RUNDLL32.EXE[2072] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2080] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe[2092] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405A4D
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004059E8
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004059B6
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405DBA
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00409448
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00406062
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0040941E
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 004093C1
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405B01
IAT C:\WINDOWS\system32\svchost.exe[2132] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0040947D
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\IncrediMail\bin\IMApp.exe[2140] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\ci\quicktime\QTTask.exe[2180] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\iTunes\iTunesHelper.exe[2196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\WINDOWS\AutoFlip.exe[2340] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2356] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135A4D
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001359E8
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001359B6
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0013941E
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 001393C1
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 0013947D
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135DBA
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00139448
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00136062
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135B01
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075B01
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00075A4D
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000759E8

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SYSTEM32\sdra64.exe
File C:\WINDOWS\SYSTEM32\lowsec
File C:\WINDOWS\SYSTEM32\lowsec\user.ds
File C:\WINDOWS\SYSTEM32\lowsec\local.ds

---- EOF - GMER 1.0.15 ----


Hopefully those came through okay!

Thanks,
Steve.
 
piano9playa5
post Oct 31 2009, 06:50 AM
Post #7


GeekU Senior
Posts: 1,241
OS: XP Home



Hello. Let's begin!

Step One
I see that you once had Norton installed. This one can be a bugger to remove, and often leaves scraps behind.
Please download and run the Norton Removal Tool, to remove these scraps.




Step Two
Start OTS again.
  • Copy/Paste the information in the CodeBox below, into the panel where it says "Paste fix here".

    CODE
    [Kill Explorer]
    [Unregister Dlls]
    [Driver Services - Safe List]
    YY -> (isapeep) isapeep [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\isapeep.sys
    [Modules - Safe List]
    YY -> zemeruwi.dll -> C:\WINDOWS\SYSTEM32\zemeruwi.dll
    YY -> nawariko.dll -> C:\WINDOWS\SYSTEM32\nawariko.dll
    [Registry - Safe List]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> "80856330" -> C:\Documents and Settings\All Users\Application Data\80856330\80856330.exe [C:\Documents and Settings\All Users\Application Data\80856330\80856330.exe]
    YY -> "juhezuhet" -> C:\WINDOWS\System32\zemeruwi.DLL [Rundll32.exe "c:\windows\system32\zemeruwi.dll",a]
    < Run [HKEY_USERS\S-1-5-21-507921405-299502267-725345543-1004\] > -> HKEY_USERS\S-1-5-21-507921405-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "wow64main.exe" -> C:\DOCUME~1\user\LOCALS~1\Temp\wow64main.exe [C:\DOCUME~1\user\LOCALS~1\Temp\wow64main.exe]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [Reg Error: Key error.]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [Reg Error: Key error.]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YY -> nawariko.dll -> C:\WINDOWS\System32\nawariko.dll
    YY -> c:\windows\system32\zemeruwi.dll -> C:\WINDOWS\SYSTEM32\zemeruwi.dll
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    YN -> rundll32.exe ->
    YY -> dckp.suo -> C:\WINDOWS\System32\dckp.suo
    YN -> printer ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    YY -> C:\WINDOWS\system32\sdra64.exe -> C:\WINDOWS\System32\sdra64.exe
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    YY -> "{02f2a4cb-4355-4f32-a7e9-7dc91eba7bce}" [HKLM] -> C:\WINDOWS\SYSTEM32\zemeruwi.dll [gapiloyav]
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    YY -> "{02f2a4cb-4355-4f32-a7e9-7dc91eba7bce}" [HKLM] -> C:\WINDOWS\SYSTEM32\zemeruwi.dll [tokatiluy]
    [Files/Folders - Modified Within 30 Days]
    NY -> wejuwojo -> C:\WINDOWS\System32\wejuwojo
    NY -> 9yyjp06x.exe -> C:\9yyjp06x.exe
    NY -> yepitayo.dll -> C:\WINDOWS\System32\yepitayo.dll
    NY -> dckp.suo -> C:\WINDOWS\System32\dckp.suo
    [Files - No Company Name]
    NY -> 9yyjp06x.exe -> C:\9yyjp06x.exe
    NY -> Security Tool.lnk -> C:\Documents and Settings\user\Desktop\Security Tool.lnk
    NY -> yepitayo.dll -> C:\WINDOWS\System32\yepitayo.dll
    NY -> dckp.suo -> C:\WINDOWS\System32\dckp.suo
    NY -> xtnop.exe -> C:\xtnop.exe
    NY -> zemeruwi.dll -> C:\WINDOWS\System32\zemeruwi.dll
    NY -> yuguvine.dll -> C:\WINDOWS\System32\yuguvine.dll
    NY -> vodayufi.dll -> C:\WINDOWS\System32\vodayufi.dll
    NY -> toyedofi.dll -> C:\WINDOWS\System32\toyedofi.dll
    NY -> fajejako.dll -> C:\WINDOWS\System32\fajejako.dll
    NY -> sihayuso.dll -> C:\WINDOWS\System32\sihayuso.dll
    NY -> bidubiti.dll -> C:\WINDOWS\System32\bidubiti.dll
    NY -> lomehane.dll -> C:\WINDOWS\System32\lomehane.dll
    NY -> yalemera.dll -> C:\WINDOWS\System32\yalemera.dll
    NY -> nawariko.dll -> C:\WINDOWS\System32\nawariko.dll
    NY -> kuhirelu.dll -> C:\WINDOWS\System32\kuhirelu.dll
    NY -> diwuwumo.dll -> C:\WINDOWS\System32\diwuwumo.dll
    NY -> fenofaki.dll -> C:\WINDOWS\System32\fenofaki.dll
    NY -> zugeyale.dll -> C:\WINDOWS\System32\zugeyale.dll
    NY -> napinope.dll -> C:\WINDOWS\System32\napinope.dll
    NY -> jikiponi.dll -> C:\WINDOWS\System32\jikiponi.dll
    [File - Lop Check]
    NY ->  C:\Documents and Settings\All Users\Application Data\54701623 -> C:\Documents and Settings\All Users\Application Data\54701623
    NY ->  C:\Documents and Settings\All Users\Application Data\18730221 -> C:\Documents and Settings\All Users\Application Data\18730221
    NY ->  C:\Documents and Settings\All Users\Application Data\80856330 -> C:\Documents and Settings\All Users\Application Data\80856330
    [Custom Items]
    :files
    C:\WINDOWS\SYSTEM32\lowsec
    :end
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]

  • Ensure you have pasted everything in, then click the Run Fix button.
  • The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
  • Click the Ok button and Notepad will open with a log of actions taken during the fix.
    • Post the contents of the Notepad back here.
I will review the information when it comes back in.




Step Three
Please download Combofix from any of the links below.
Download Link #1
Download Link #2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications. This can generally be accomplished via right click on the System Tray icon. They may otherwise interfere with our tools. A list on how to disable various programs can be found Here.
  • Double click on ComboFix and follow the prompts given.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.



Logs&Info
Remember to post back the following logs:
  1. OTS Fix Results
  2. C:\ComboFix.txt
CoffeeBreath
post Oct 31 2009, 09:32 AM
Post #8


Member
**
Posts: 13
OS: win xp, but mostly linux



Here's what happened:

1. I downloaded and ran the Norton removal tool, but it died with a windows notice: "Symantec Removal Utility has encountered a problem and needs to close. We are sorry for the inconvenience", and gives me the option to tell Microsoft about the problem. Would you like the crash logs it produced (I saved them off elsewhere)?

2. OTS was successful, and had me reboot the system. I noticed that Avast didn't start up, not sure if that's a result of the fix. Here's the log:

All Processes Killed
No active process named Explorer.EXE was found!
[Driver Services - Safe List]
Service isapeep stopped successfully!
Service isapeep deleted successfully!
C:\WINDOWS\SYSTEM32\isapeep.sys moved successfully.
[Modules - Safe List]
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\nawariko.dll
Releasing module C:\WINDOWS\system32\nawariko.dll
C:\WINDOWS\SYSTEM32\nawariko.dll moved successfully.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\80856330 deleted successfully.
C:\Documents and Settings\All Users\Application Data\80856330\80856330.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\juhezuhet deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zemeruwi.DLL
C:\WINDOWS\System32\zemeruwi.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wow64main.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nawariko.dll deleted successfully.
File C:\WINDOWS\System32\nawariko.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\zemeruwi.dll scheduled to be deleted on reboot.
File C:\WINDOWS\SYSTEM32\zemeruwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:dckp.suo deleted successfully.
C:\WINDOWS\System32\dckp.suo moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:printer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\System32\sdra64.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gapiloyav not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02f2a4cb-4355-4f32-a7e9-7dc91eba7bce}\ not found.
File C:\WINDOWS\SYSTEM32\zemeruwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{02f2a4cb-4355-4f32-a7e9-7dc91eba7bce} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02f2a4cb-4355-4f32-a7e9-7dc91eba7bce}\ not found.
File C:\WINDOWS\SYSTEM32\zemeruwi.dll not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\wejuwojo moved successfully.
C:\9yyjp06x.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yepitayo.dll
C:\WINDOWS\System32\yepitayo.dll moved successfully.
File C:\WINDOWS\System32\dckp.suo not found!
[Files - No Company Name]
File C:\9yyjp06x.exe not found!
C:\Documents and Settings\user\Desktop\Security Tool.lnk moved successfully.
File C:\WINDOWS\System32\yepitayo.dll not found!
File C:\WINDOWS\System32\dckp.suo not found!
C:\xtnop.exe moved successfully.
File C:\WINDOWS\System32\zemeruwi.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yuguvine.dll
C:\WINDOWS\System32\yuguvine.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vodayufi.dll
C:\WINDOWS\System32\vodayufi.dll moved successfully.
File C:\WINDOWS\System32\toyedofi.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fajejako.dll
C:\WINDOWS\System32\fajejako.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sihayuso.dll
C:\WINDOWS\System32\sihayuso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bidubiti.dll
C:\WINDOWS\System32\bidubiti.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\lomehane.dll
C:\WINDOWS\System32\lomehane.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yalemera.dll
C:\WINDOWS\System32\yalemera.dll moved successfully.
File C:\WINDOWS\System32\nawariko.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kuhirelu.dll
C:\WINDOWS\System32\kuhirelu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\diwuwumo.dll
C:\WINDOWS\System32\diwuwumo.dll moved successfully.
File C:\WINDOWS\System32\fenofaki.dll not found!
File C:\WINDOWS\System32\zugeyale.dll not found!
File C:\WINDOWS\System32\napinope.dll not found!
File C:\WINDOWS\System32\jikiponi.dll not found!
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\54701623 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\18730221 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80856330 folder moved successfully.
[Custom Items]
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\lowsec not found.
[Empty Temp Folders]


User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: user
->Temporary Internet Files folder emptied: 69990 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 14751893 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: Steve
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_4bc.dat scheduled to be deleted on reboot.
Session Manager Temp folder emptied: 16384 bytes
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_4bc.dat scheduled to be deleted on reboot.
Session Manager Tmp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.25 mb

< End of fix log >
OTS by OldTimer - Version 3.1.1.4 fix logfile created on 10312009_105554

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\sdra64.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\zemeruwi.dll scheduled to be deleted on reboot.


3. Combofix:

I downloaded it from the second link you provided. I looked for my Avast task tray icon but didn't find it, so figured it wasn't running and it didn't need to be turned off.

When I opened combofix, I got the little progress bar on my screen, and then an OTS window opened up (!). I hadn't tried to run OTS since rebooting.

I deleted that copy of combofix, and re-downloaded from the first link in your post. When I run that one, it gives me the progress bar, then all my desktop icons blink once, and then nothing. I don't see any evidence of it in the task manager, and no new report files in my c:\ directory.

For the heck of it, I deleted combofix again and did a reboot. This time I saw my Avast tray icon start up normally; I re-downloaded combofix, stopped avast's on-access protection, and ran combofix.

It did the same thing -- progress bar, then nothing.

At this point I gave the Norton removal tool one more try, and it looks like it has succeeded. After its reboot, I tried combofix again (freshly downloaded), but got the same results.

At least I'm not getting the Security Tool garbage showing up any more... :-)

Let me know what the next steps are, and thanks for your help so far!

Steve.
piano9playa5
post Oct 31 2009, 10:04 AM
Post #9


GeekU Senior
Posts: 1,241
OS: XP Home



Just to confirm; avast! is properly loading on start-up now?
Let's give this a whirl:




You must use Internet Explorer to download this!

Please download Combofix from any of the links below. You must rename it before saving.
Please rename it to Svchost.com before saving it to your desktop.
Download Link #1
Download Link #2


==================================

  1. Temporarily disable Anti-Virus\Anti-Malware real-time protection.
  2. Double click on Svchost and follow the prompts.
  3. Be patient. It could take a while to load\run.
  4. When finished, it will produce a report for you.
  5. Please post the C:\ComboFix.txt so we can continue cleaning the system.
CoffeeBreath
post Oct 31 2009, 01:21 PM
Post #10


Member
**
Posts: 13
OS: win xp, but mostly linux



Howdy,

Yes, Avast looks to be starting properly on boot now.

Unfortunately, I can't use either IE or firefox. I've been using Safari (which I think my nephew installed) to download things.

I did the rename-on-save bit for combofix and it was able to start up successfully. It installed the windows recovery console and started its scan.

It says it should take 10-20 minutes, but it has been running for about an hour so far (there's only a little disk activity according to the hdd light on the chassis). What's the threshold for "let it keep running" vs. "it's hung, start over"? No, I'm sure I didn't click in its window. :-)

Thanks,
Steve.
piano9playa5
post Oct 31 2009, 08:28 PM
Post #11


GeekU Senior
Posts: 1,241
OS: XP Home



Hey. Try it again (delete the copy, and download new renamed), but don't expect anything.
In the event it does work, just ignore the following.


Download avz4.zip from HERE
  1. Unzip it to your desktop to a folder named avz4
  2. Double click on AVZ.exe to run it.
  3. Run an update by clicking the Auto Update button on the Right of the Log window:
  4. Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again


  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  3. Click on the “Execute selected scripts”.
  4. Automatic scanning, healing and system check will be executed.
  5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  7. All applications will work properly after the system restart.


When restarted

  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis" check box.
  3. Click on the "Execute selected scripts".
  4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.


Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
CoffeeBreath
post Nov 1 2009, 01:08 PM
Post #12


Member
**
Posts: 13
OS: win xp, but mostly linux



Here we go again! :-)

I wasn't able to download avz4.zip directly -- safari kept on telling me it had an unknown error. I wound up transferring it thru another system, and managed to get it loaded and unpacked.

When I opened the executable, the window would open up but then disappear after a second; this happened several times.

Borrowing a trick I saw earlier, I renamed the executable to svchost.exe, and then it was able to start and stay open.

I chose the Standard Scripts option you specified, and it began its scan. However, after several seconds the program hung hard (end task couldn't end it). I rebooted to get control back.

After rebooting, for the heck of it I decided to give mbam another try. This time it installed okay (it did create mbam.exe), but again I saw the "die after 1 second" problem.

I renamed that executable to svchost.exe, and was able to get mbam to scan the system. Logs are below.

After the reboot, I ran mbam (renamed as svchost.exe) again, and it found a few more things (including itself as svchost.exe!). That log is below as well.

Then I went back to try avz again. I renamed the executable back to avz.exe, and saw the same "die after 1 second" issue, so put it back to svchost.exe and did the standard script scan again. This time I turned Avast off before the scan (not sure if it helps, figured it was worth trying).

The scan completed successfully; I did the reboot, and the second "advanced system analysis" scan also finished.

Those logs are attached here Attached File  virusinfo_syscure.zip ( 32.12K ) Number of downloads: 7
Attached File  virusinfo_syscheck.zip ( 32.96K ) Number of downloads: 5


Thanks for the help so far!

Steve.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/1/2009 10:15:42 AM
mbam-log-2009-11-01 (10-15-42).txt

Scan type: Quick Scan
Objects scanned: 100623
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\wuleketo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{23d91b93-f885-4fc0-bf6e-00936d54063e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\juhezuhet (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{23d91b93-f885-4fc0-bf6e-00936d54063e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vidupojer (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\wuleketo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\golorojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.




Run number 2

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/1/2009 10:41:14 AM
mbam-log-2009-11-01 (10-41-14).txt

Scan type: Quick Scan
Objects scanned: 100643
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Malwarebytes' Anti-Malware\svchost.exe (Trojan.Agent) -> Delete on reboot.

+Quote Post
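A defender-side triage of the two Malwarebytes logs in the post above, as an added example that is not part of the original thread: it parses the detection lines, lists items still waiting on a reboot, pulls the extra executable out of the Winlogon Userinit value, and reports detections that came back in the second run. The function names and the expected Userinit paths are assumptions; the sample lines are excerpts of the logs as posted.

```python
import ntpath
import re
from collections import namedtuple

Detection = namedtuple("Detection", "section item family bad good action")

# "<Section> Infected:" heading (the summary counts end in a number, not a colon).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<Family>)[ -> Bad: (<bad>) Good: (<good>)] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z][\w.]*)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?$"
)
# Assumption: default XP install on C:. The log's own "Good" value is Userinit.exe.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}

def parse_mbam_log(text):
    """Return one Detection per detection line, tagged with its section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        entry = ENTRY_RE.match(line) if section else None
        if entry:  # "(No malicious items detected)" never matches
            found.append(Detection(section, **entry.groupdict()))
    return found

def pending_reboot(dets):
    """Items the scanner could not remove live; verify they are gone after reboot."""
    return [d.item for d in dets if d.action.lower().startswith("delete on reboot")]

def unexpected_userinit(dets):
    """Executables chained onto Winlogon\\Userinit besides userinit.exe itself."""
    extras = []
    for d in dets:
        if d.item.lower().endswith(r"\winlogon\userinit") and d.bad:
            for entry in (e.strip() for e in d.bad.split(",")):
                if entry and entry.lower() not in EXPECTED_USERINIT:
                    extras.append(entry)
    return extras

def recurring(earlier, later):
    """Detections removed in the earlier run that the later run found again."""
    seen = {(d.item.lower(), d.family) for d in earlier}
    return [d.item for d in later if (d.item.lower(), d.family) in seen]

# Excerpts of the two logs posted above (not the complete logs).
RUN_1 = r"""
Memory Modules Infected: 1

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\wuleketo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
"""

RUN_2 = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Malwarebytes' Anti-Malware\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    run1, run2 = parse_mbam_log(RUN_1), parse_mbam_log(RUN_2)
    print("Pending reboot (run 1):", pending_reboot(run1))
    print("Extra Userinit entries:", unexpected_userinit(run1))
    # A policy value that reappears after a successful removal was written
    # again between the two scans, so the system is not yet clean.
    print("Back again in run 2:  ", recurring(run1, run2))
```
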
piano9playa5
post Nov 2 2009, 04:18 PM
Post #13


GeekU Senior
Posts: 1,241
OS: XP Home



Hello


Step One - WARNING! You have been infected by Information Stealing Infections!
I have spotted signs of infections (Stolen.data) that may try and steal information from your system, and send it to a remote user. Information such as passwords, card numbers, etc. may be collected.
If this computer is ever used for things such as On-line Banking or Transactions, I strongly recommend that you do the following as soon as possible:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

It is critical not to change passwords, do online-banking, etc. from the infected machine, as all new information may be sent. Please do not use the infected computer for online banking, transaction, or financial purposes until we give the all clear.




Step Two
Open AVZ (I believe you renamed to svchost?)
  1. Click File > Custom scripts
  2. Copy\Paste the contents of the following "Codebox" into the box in the window.
    (Including\starting with begin and including\finishing with end)
    CODE
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    SetAVZPMStatus(True);
    TerminateProcessByName('c:\documents and settings\user\application data\s85-28348346-uit83-g3-72366-gdsg-1732735\winlogon.exe');
    BC_DeleteFile('c:\documents and settings\user\application data\s85-28348346-uit83-g3-72366-gdsg-1732735\winlogon.exe');
    DeleteFile('c:\documents and settings\user\application data\s85-28348346-uit83-g3-72366-gdsg-1732735\winlogon.exe');
    BC_DeleteFile('C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735\winlogon.exe');
    DeleteFile('C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735\winlogon.exe');
    BC_DeleteFile('0.exe');
    DeleteFile('0.exe');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\WOW\boot','*DisplayFallback');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows Login Services');
    RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Windows Login Services');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Windows Login Services');
    RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Windows Login Services');
    BC_DeleteFile('C:\WINDOWS\Installer\3bdd0c60.msi');
    DeleteFile('C:\WINDOWS\Installer\3bdd0c60.msi');
    BC_DeleteFile('C:\Program Files\Common Files\Windows Live\.cache\5afec7ea1c9c84c\fssclient_x86.msi');
    DeleteFile('C:\Program Files\Common Files\Windows Live\.cache\5afec7ea1c9c84c\fssclient_x86.msi');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  3. Note: When you run the script, your PC will be restarted
  4. Click Run
  5. Restart your PC if it doesn't do it automatically.






Step Three
Please delete any copies of ComboFix from your desktop before proceeding!

Please download Combofix from any of the links below. You must rename it before saving.
Please rename it to winlogon.exe before saving it to your desktop.
Download Link #1
Download Link #2


Refer to the following diagram of Save As... if necessary.


==================================

  1. Temporarily disable Anti-Virus\Anti-Malware real-time protection.
  2. Double click on winlogon and follow the prompts.
  3. Be patient. It could take a while to load\run.
  4. When finished, it will produce a report for you.
  5. Please post the C:\ComboFix.txt so we can continue cleaning the system.
CoffeeBreath
post Nov 4 2009, 09:14 PM
Post #14


Member
**
Posts: 13
OS: win xp, but mostly linux



Howdy,

Sorry for the delay, Mon and Tues tend to be pretty busy...

I ran the avz4 script, and it completed. I had to reboot the system myself; it didn't do so. You didn't ask for the log, but I figured I'd provide it anyways (below).

I tried downloading and running combofix (renamed as winlogon) a couple of times, and each time it has hung like earlier (starts scan, says "usually takes 10 minutes could be 20" then nothing).

Last time in this situation you had me run avz4 in the "analysis with malware removal enabled" mode, then in the regular "advanced system analysis" mode. I've done so, and attached the new .zip files to this message.

Let me know what you'd like me to do next, and many more thanks for your continued support!

Steve.

Attached File  virusinfo_syscure.zip ( 32.74K ) Number of downloads: 4


Attached File  virusinfo_syscheck.zip ( 31.86K ) Number of downloads: 5



1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=07C020)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 80553020
KiST = 80501B9C (284)
Function NtClose (19) intercepted (805B1CC8->B6D766B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateKey (29) intercepted (8061A332->B6D76574), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (8061A992->B6D76A52), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (44) intercepted (805B38DC->B6D7614C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (8061B704->B6D7664E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (7A) intercepted (805C1324->B6D7608C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (80) intercepted (805C15B0->B6D760F0), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (8061856A->B6D7676E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (8061BCEA->B6D7672E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (806188B8->B6D768AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 10, restored: 10
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
CmpCallCallBacks = 00088FF6
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
Checking - complete
Delete file:c:\documents and settings\user\application data\s85-28348346-uit83-g3-72366-gdsg-1732735\winlogon.exe
Delete file:C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735\winlogon.exe
>>>To delete the file C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735\winlogon.exe reboot is required
Delete file:0.exe
>>>To delete the file 0.exe reboot is required
[malware removal microprogram]> parameter deleted *DisplayFallback of key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
[malware removal microprogram]> parameter deleted Windows Login Services of key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
[malware removal microprogram]> parameter deleted Windows Login Services of key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
[malware removal microprogram]> parameter deleted Windows Login Services of key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
[malware removal microprogram]> parameter deleted Windows Login Services of key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Delete file:C:\WINDOWS\Installer\3bdd0c60.msi
Delete file:C:\Program Files\Common Files\Windows Live\.cache\5afec7ea1c9c84c\fssclient_x86.msi
Removing traces of deleted files...
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,HPDJ Taskbar Utility,C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting,EventMessageFile,c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\HotFixInstaller,EventMessageFile,C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft ® Visual C# 2005 Compiler,EventMessageFile,c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,HPDJ Taskbar Utility,C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting,EventMessageFile,c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\HotFixInstaller,EventMessageFile,C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
[malware removal microprogram]> Autoruns item deleted HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft ® Visual C# 2005 Compiler,EventMessageFile,c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
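As an added example (not part of either poster's messages and not AVZ's own code): a small Python parser for the "1.2 Searching for kernel-mode API hooks" section of the AVZ log in Post #14, which groups intercepted functions by hooking driver and flags any hook that lacks the "driver recognized as trusted" suffix. The EXAMPLE-UNKNOWN.sys line and the summary counts in the sample are constructed, and treating a missing suffix as untrusted is an assumption about AVZ's output.

```python
import re
from collections import defaultdict

# The aswSP.SYS lines are copied from the AVZ log above; the NtOpenKey line
# (placeholder driver, no "trusted" suffix) and the summary counts are constructed.
SAMPLE_LOG = r"""
Function NtClose (19) intercepted (805B1CC8->B6D766B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
>>> Function restored successfully !
Function NtOpenProcess (7A) intercepted (805C1324->B6D7608C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtSetValueKey (F7) intercepted (806188B8->B6D768AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtOpenKey (77) intercepted (8061B704->F7A01234), hook C:\WINDOWS\System32\Drivers\EXAMPLE-UNKNOWN.sys
Functions checked: 284, intercepted: 4, restored: 4
"""

HOOK_RE = re.compile(
    r"^Function (?P<name>\w+) \((?P<index>[0-9A-F]+)\) intercepted "
    r"\((?P<orig>[0-9A-F]{8})->(?P<hook>[0-9A-F]{8})\), hook (?P<driver>.+?)"
    r"(?P<trusted>, driver recognized as trusted)?$")
SUMMARY_RE = re.compile(r"^Functions checked: (\d+), intercepted: (\d+), restored: (\d+)$")

def parse_hooks(log_text):
    """Return (hooks, summary) from an AVZ kernel-mode hook section."""
    hooks, summary = [], None
    for line in map(str.strip, log_text.splitlines()):
        m = HOOK_RE.match(line)
        if m:
            hooks.append({
                "function": m["name"],
                "index": int(m["index"], 16),      # index is printed in hex
                "original": int(m["orig"], 16),
                "hook": int(m["hook"], 16),
                "driver": m["driver"].lower(),     # Windows paths: case-insensitive
                "trusted": m["trusted"] is not None,
            })
        elif (s := SUMMARY_RE.match(line)):
            summary = dict(zip(("checked", "intercepted", "restored"), map(int, s.groups())))
    return hooks, summary

def triage(log_text):
    """Group hooked functions by driver and list items needing a closer look."""
    hooks, summary = parse_hooks(log_text)
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"]].append(h["function"])
    findings = [f"untrusted hook: {h['function']} -> {h['driver']}"
                for h in hooks if not h["trusted"]]
    if summary and summary["intercepted"] != len(hooks):
        findings.append("parsed hook count differs from AVZ summary line")
    return dict(by_driver), findings
```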
piano9playa5
post Nov 6 2009, 02:35 PM
Post #15


GeekU Senior
Posts: 1,241
OS: XP Home



Hello. Sorry for the delay. School, midterms, volleyball, jazz band... I have a lot on my plate right now.

Let's see what we can reveal!

Step One
Download RootRepeal from one of the following locations and save it to your desktop:
  • Double click to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post






Step Two
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMROOT%\*.* /s /r
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\comres.dll /s /md5
    %SYSTEMDRIVE%\appmgmts.dll /s /md5
  • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.




Logs & Info
Remember to post back the following logs:
  1. RootRepeal.txt
  2. OTL.txt
  3. Extras.txt