Need Hijacking Removal Help [Closed]



#1
sfratian

My browser has somehow been hijacked. Whenever I do a search, no matter what search site, when I click on the links to any of the search results I get diverted to some other site. It is a different site that I am always diverted to. I have run my anti-virus and anti-spyware, after updating, and they have found nothing.

Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:21 PM, on 7/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DGAgent\DgService.exe
C:\Program Files\DGAgent\dgagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DGAgent\DGPROMPT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\DGAgent\DgScan.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\MICROS~2\Office12\PPCNVCOM.EXE
C:\Notes\NLNOTES.EXE
C:\Notes\ntaskldr.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mycvg.convergys.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Convergys Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.convergys.com;wms
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://mycvg.convergys.com
O15 - Trusted Zone: *.convergys.com
O15 - Trusted Zone: *.convergys.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230907996093
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse...BGamePlayer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://convergys3.w...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\Software\..\Telephony: DomainName = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Usage History Scanning Service (DGScan) - Verdasys, Inc. - C:\Program Files\DGAgent\DgScan.exe
O23 - Service: Usage History Monitor (DGService) - Verdasys, Inc. - C:\Program Files\DGAgent\DgService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10468 bytes


#2
fenzodahl512

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

#3
sfratian

Just tried everything you listed, and I still have the issue. Here are all the logs you requested:


Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 2

7/12/2009 3:40:13 PM
mbam-log-2009-07-12 (15-40-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154858
Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 13
Files Infected: 16

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\sfratian\local settings\Temp\bucksnet.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Uninstall Fun Web Products.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache\17077A3F.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#4
sfratian

Logfile of random's system information tool 1.06 (written by random/random)
Run by SFRATIAN at 2009-07-12 15:46:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 130 GB (85%) free of 153 GB
Total RAM: 2000 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:47 PM, on 7/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DGAgent\DgService.exe
C:\Program Files\DGAgent\dgagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\LANDesk\Shared Files\rainstall.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\DGAgent\DgScan.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sfratian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\SFRATIAN.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mycvg.convergys.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Convergys Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.convergys.com;wms
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://mycvg.convergys.com
O15 - Trusted Zone: *.convergys.com
O15 - Trusted Zone: *.convergys.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230907996093
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse...BGamePlayer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://convergys3.w...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\Software\..\Telephony: DomainName = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Usage History Scanning Service (DGScan) - Verdasys, Inc. - C:\Program Files\DGAgent\DgScan.exe
O23 - Service: Usage History Monitor (DGService) - Verdasys, Inc. - C:\Program Files\DGAgent\DgService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10245 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-15 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-15 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-15 150040]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2007-03-14 125632]
"IntelAPMClient"=C:\Program Files\LANDesk\LDClient\amclient.exe [2006-12-04 323584]
"SDClientMonitor"=C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe [2006-11-01 258048]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-08-27 471040]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-11-18 483420]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"=C:\Program Files\WebEx\Productivity Tools\PTIM.exe [2009-04-28 210248]
"ptmsgfrm.exe"=C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe [2009-04-28 42312]
"PTOneClick"=C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe [2009-04-28 165192]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

C:\Documents and Settings\sfratian\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-25 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGAPIMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGBUSMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DgDmk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DgDmkl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDS.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDSL.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDT.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDTL.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgfiltr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGFSMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGKPMail.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGMaster.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgrec.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRule.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGUSBMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGAPIMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGBUSMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DgDmk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DgDmkl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGDS.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGDSL.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGDT.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGDTL.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dgfiltr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGFSMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGKPMail.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGMaster.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dgrec.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGRule.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGTDIMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DGUSBMon.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Convergys Corporation
"legalnoticetext"=This computer network contains confidential and proprietary information of
Convergys Corporation, its subsidiaries and its affiliates. No disclosure,
duplication or use of any portion of the network outside of Convergys
Corporation is permitted without the prior express written consent of Convergys
Corporation. Questions concerning the use or disclosure of proprietary
information must be promptly referred through proper channels to the Convergys
Corporation Legal Department.
------------------------------------------------------------------------------------------------------------------------------
Your access to Convergys Corporation systems is granted at the discretion of
Convergys Corporation. That access may be rescinded or denied at any time.
You have no personal expectation of privacy regarding your use of Convergys
Corporation systems. By utilizing Convergys Corporation systems, you expressly
acknowledge and agree that Convergys Corporation may monitor your use and
review the content of material that you access at any time or in accordance with
legal process.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoMSAppLogo5ChannelNotify"=
"NoToolbarCustomize"=
"NoBandCustomize"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LANDesk\LDClient\AdvanceAgent.exe"="C:\Program Files\LANDesk\LDClient\AdvanceAgent.exe:*:Enabled:LANDesk Advance Agent"
"C:\WINDOWS\system32\msgsys.exe"="C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service"
"C:\Program Files\LANDesk\LDClient\issuser.exe"="C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\Program Files\LANDesk\Shared Files\residentagent.exe"="C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent"
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe"="C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b33f31-667f-11d9-9186-806d6172696f}]
shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe


======List of files/folders created in the last 3 months======

2009-07-12 15:46:44 ----D---- C:\rsit
2009-07-12 15:26:11 ----D---- C:\Documents and Settings\sfratian\Application Data\Malwarebytes
2009-07-12 15:26:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-12 15:26:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 15:21:27 ----D---- C:\WINDOWS\ERDNT
2009-07-12 15:20:59 ----D---- C:\Program Files\ERUNT
2009-07-08 23:03:05 ----D---- C:\Program Files\Trend Micro
2009-07-05 10:15:41 ----D---- C:\WINDOWS\Minidump
2009-06-19 06:34:11 ----SHD---- C:\Config.Msi
2009-06-18 08:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-18 08:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-18 08:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-18 08:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-22 11:59:02 ----D---- C:\WINDOWS\DGInstallTempFolder
2009-05-22 11:58:44 ----D---- C:\Documents and Settings\All Users\Application Data\{C1546EE8-A398-459C-B287-8EA84C4A58D3}
2009-05-22 11:58:32 ----D---- C:\Program Files\DGAgent
2009-05-22 00:05:45 ----D---- C:\Documents and Settings\All Users\Application Data\JollyBear
2009-05-02 09:25:49 ----D---- C:\Documents and Settings\sfratian\Application Data\Help
2009-04-28 07:28:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-28 07:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-26 13:15:18 ----D---- C:\Program Files\PokerRoom.com
2009-04-22 08:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-22 08:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-22 08:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-22 08:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-22 08:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-21 10:04:02 ----A---- C:\WINDOWS\notesnsd.ini
2009-04-19 23:20:16 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-19 23:08:14 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 23:08:09 ----D---- C:\Program Files\Lavasoft
2009-04-19 23:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-19 22:49:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-19 22:32:50 ----A---- C:\WINDOWS\vpc32.INI
2009-04-18 22:32:50 ----D---- C:\WINDOWS\system32\Adobe
2009-04-15 10:15:51 ----A---- C:\WINDOWS\system32\atasnt40.dll
2009-04-13 17:43:50 ----D---- C:\Documents and Settings\sfratian\Application Data\Webex

======List of files/folders modified in the last 3 months======

2009-07-12 15:44:26 ----D---- C:\WINDOWS\Temp
2009-07-12 15:43:39 ----D---- C:\Documents and Settings\All Users\Application Data\vulScan
2009-07-12 15:43:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-12 15:43:12 ----RD---- C:\Program Files
2009-07-12 15:43:12 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 15:43:12 ----D---- C:\WINDOWS
2009-07-12 15:42:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 15:26:11 ----D---- C:\WINDOWS\Prefetch
2009-07-12 12:13:48 ----D---- C:\WINDOWS\system32
2009-07-10 19:42:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-08 21:52:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-08 17:20:58 ----D---- C:\WINDOWS\security
2009-07-08 15:18:59 ----A---- C:\WINDOWS\win.ini
2009-07-08 15:14:38 ----AD---- C:\Notes
2009-07-07 22:10:57 ----D---- C:\WINDOWS\Registration
2009-07-07 17:45:51 ----AD---- C:\drv
2009-07-06 08:28:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-25 17:15:16 ----AD---- C:\old profile
2009-06-25 17:15:03 ----AD---- C:\I386
2009-06-25 17:14:50 ----AD---- C:\SNAP
2009-06-25 17:14:48 ----AD---- C:\WORD
2009-06-25 17:14:47 ----AD---- C:\ROTT
2009-06-25 17:11:54 ----ASHD---- C:\RECYCLER
2009-06-25 17:09:08 ----AD---- C:\_OTMoveIt
2009-06-25 17:08:58 ----AD---- C:\My WebEx Documents
2009-06-25 17:08:55 ----AD---- C:\temp
2009-06-25 17:08:54 ----AD---- C:\My Downloads
2009-06-25 16:57:04 ----AD---- C:\Documents and Settings
2009-06-19 06:36:38 ----SHD---- C:\WINDOWS\Installer
2009-06-18 08:51:32 ----HD---- C:\WINDOWS\inf
2009-06-18 08:51:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-18 08:51:26 ----D---- C:\Program Files\Internet Explorer
2009-06-18 08:51:13 ----A---- C:\WINDOWS\imsins.BAK
2009-06-18 08:51:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-01 09:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 12:41:33 ----SD---- C:\Documents and Settings\sfratian\Application Data\Microsoft
2009-05-02 09:25:49 ----D---- C:\WINDOWS\Help
2009-04-29 00:52:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 00:52:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 00:52:42 ----A---- C:\WINDOWS\system32\browseui.dll
2009-04-29 00:52:41 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-04-29 00:52:41 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:52:41 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:52:40 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 00:52:40 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-04-29 00:52:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:52:39 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\inseng.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:52:38 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:52:37 ----A---- C:\WINDOWS\system32\danim.dll
2009-04-29 00:52:36 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-04-28 11:01:36 ----D---- C:\WINDOWS\system32\wbem
2009-04-28 11:01:35 ----D---- C:\WINDOWS\AppPatch
2009-04-27 05:18:42 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-26 23:13:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-21 08:44:33 ----D---- C:\Program Files\Common Files
2009-04-19 23:12:43 ----SD---- C:\WINDOWS\Tasks
2009-04-19 23:08:05 ----D---- C:\WINDOWS\WinSxS
2009-04-18 22:34:06 ----D---- C:\WINDOWS\system32\Macromed
2009-04-18 22:34:06 ----D---- C:\Documents and Settings\sfratian\Application Data\Macromedia
2009-04-18 22:33:17 ----D---- C:\Documents and Settings\sfratian\Application Data\Adobe
2009-04-16 15:54:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 11:11:19 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-08-27 112128]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2008-07-31 32808]
R3 DGAPIMon;DGAPIMon; \??\C:\WINDOWS\System32\Drivers\DGAPIMon.SYS []
R3 DGCOTMAN;DGCOTMAN; \??\C:\WINDOWS\System32\Drivers\DGCOTMAN.sys []
R3 DGFSMon;DGFSMon; \??\C:\WINDOWS\System32\Drivers\DGFSMon.SYS []
R3 DGKPMail;DGKPMail; \??\C:\WINDOWS\System32\Drivers\DGKPMail.sys []
R3 DGRule;DGRule; \??\C:\WINDOWS\System32\Drivers\DGRule.SYS []
R3 DGTDIMon;DGTDIMon; \??\C:\WINDOWS\System32\Drivers\DGTDIMon.SYS []
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-11-19 244368]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-06-23 11001]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-25 6045504]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-07-30 110080]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-06-23 148688]
R3 ldblank;Screen Blanking driver for Remote Control; C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-07-01 11904]
R3 ldmirror;ldmirror; C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-07-01 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall; C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-07-01 3712]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090701.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090701.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-11-18 1392819]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S2 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-06-23 148688]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-11-29 163328]
S3 DGDmkl;DGDmkl; C:\WINDOWS\System32\Drivers\DgDmkl.sys [2008-12-04 287104]
S3 DGDSL;DGDSL; C:\WINDOWS\System32\Drivers\DgDsl.sys [2008-12-04 167040]
S3 DGDTL;DGDTL; C:\WINDOWS\System32\Drivers\DgDtl.sys [2008-12-04 134784]
S3 DGFILTR;DGFILTR; C:\WINDOWS\System32\Drivers\DgFiltr.sys [2008-12-04 62208]
S3 DGREC;DGREC; C:\WINDOWS\System32\Drivers\DgRec.sys [2008-12-04 34560]
S3 DGUSBMon;DGUSBMon; \??\C:\WINDOWS\System32\Drivers\DGUSBMon.SYS []
S3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-03-08 121344]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-02-12 12944]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-02-12 110736]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-02-12 31888]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20060807.097\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-02-12 28304]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CBA8;LANDesk® Management Agent; C:\Program Files\LANDesk\Shared Files\residentagent.exe [2006-11-21 122880]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 DGService;Usage History Monitor; C:\Program Files\DGAgent\DgService.exe [2008-12-04 212992]
R2 Intel Local Scheduler Service;Intel Local Scheduler Service; C:\Program Files\LANDesk\LDClient\LocalSch.EXE [2006-08-14 86016]
R2 Intel PDS;Intel PDS; C:\WINDOWS\system32\CBA\pds.exe [2006-06-05 32819]
R2 Intel Targeted Multicast;LANDesk Targeted Multicast; C:\Program Files\LANDesk\LDClient\tmcsvc.exe [2006-06-16 114688]
R2 ISSUSER;LANDesk Remote Control Service; C:\PROGRA~1\LANDesk\LDClient\issuser.exe [2006-12-15 353792]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2007-03-05 87680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
R2 Softmon;LANDesk® Software Monitoring Service; C:\Program Files\LANDesk\LDClient\softmon.exe [2006-11-16 262144]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 STacSV;Audio Service; c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe [2008-11-18 241746]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2007-03-05 173696]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R3 DGScan;Usage History Scanning Service; C:\Program Files\DGAgent\DgScan.exe [2008-12-04 290816]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]

-----------------EOF-----------------

#5
sfratian

info.txt logfile of random's system information tool 1.06 2009-07-12 15:46:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Defender Client Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DED689D2-695E-11D4-83D7-00105AA3164A}\Setup.exe" -l0x9 -uninst
Digital Guardian Agent-->"C:\Documents and Settings\All Users\Application Data\{C1546EE8-A398-459C-B287-8EA84C4A58D3}\DGAgentSetup.exe" REMOVE=TRUE MODIFY=FALSE
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\SETUP.exe" -l0x9 -remove -removeonly
IE5 Registration-->MsiExec.exe /I{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
LANDesk Advance Agent-->MsiExec.exe /I{678FA755-3883-4D50-BB79-5067224D7332}
LANDesk Advance Agent-->MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus Notes 6.5.3-->MsiExec.exe /I{70D040E8-C756-4B59-A1FC-B758D9A0792D}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Symantec Client Security-->MsiExec.exe /I{D0E46FF4-2775-4BD9-9467-B62B702D470E}
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebEx Productivity Tools-->MsiExec.exe /I{BD5F604E-0460-4DC9-9007-0E7189FD4760}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Symantec AntiVirus Corporate Edition
FW: Symantec Client Firewall (disabled)

======System event log======

Computer Name: CIN02SFRA2782
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 240 minutes.

Record Number: 6989
Source Name: W32Time
Time Written: 20090612214733.000000-240
Event Type: warning
User:

Computer Name: CIN02SFRA2782
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/mur-ns.cvgs.net. No authentication protocol was available.

Record Number: 6988
Source Name: LSASRV
Time Written: 20090612210236.000000-240
Event Type: warning
User:

Computer Name: CIN02SFRA2782
Event Code: 40960
Message: The Security System detected an attempted downgrade attack for
server DNS/mur-ns.cvgs.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Record Number: 6987
Source Name: LSASRV
Time Written: 20090612210236.000000-240
Event Type: warning
User:

Computer Name: CIN02SFRA2782
Event Code: 5719
Message: No Domain Controller is available for domain NA due to the following:
There are currently no logon servers available to service the logon request.
.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Record Number: 6986
Source Name: NETLOGON
Time Written: 20090612202554.000000-240
Event Type: error
User:

Computer Name: CIN02SFRA2782
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/mur-ns.cvgs.net. No authentication protocol was available.

Record Number: 6985
Source Name: LSASRV
Time Written: 20090612200235.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: CIN02SFRA2782
Event Code: 1053
Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Record Number: 4414
Source Name: Userenv
Time Written: 20090610190254.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CIN02SFRA2782
Event Code: 1053
Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Record Number: 4413
Source Name: Userenv
Time Written: 20090610184253.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CIN02SFRA2782
Event Code: 1053
Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Record Number: 4412
Source Name: Userenv
Time Written: 20090610181833.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CIN02SFRA2782
Event Code: 1053
Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Record Number: 4411
Source Name: Userenv
Time Written: 20090610173823.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CIN02SFRA2782
Event Code: 1053
Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Record Number: 4410
Source Name: Userenv
Time Written: 20090610170909.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"LDMS_LOCAL_DIR"=C:\Program Files\LANDesk\LDClient\Data

-----------------EOF-----------------

#6
sfratian

    New Member

  • Topic Starter
  • Member
  • 8 posts
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-12 15:58:05
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8A442378 ZwEnumerateKey
Code 897F9718 ZwFlushInstructionCache
Code 8A2EFC2F IoDeleteDevice
Code 8A65358F IoRegisterDeviceInterface
Code 8A650317 IoSetDeviceInterfaceState
Code 897F29BE IofCallDriver
Code 897FB4EE IofCompleteRequest
Code DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.) PsDisableImpersonation
Code DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.) PsImpersonateClient
Code DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.) PsRestoreImpersonation
Code DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.) PsRevertThreadToSelf
Code DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.) PsRevertToSelf

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 897F29C3
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 897FB4F3
.text ntkrnlpa.exe!IoDeleteDevice 804F1808 5 Bytes JMP 8A2EFC34
PAGE ntkrnlpa.exe!IoSetDeviceInterfaceState 805877E8 5 Bytes JMP 8A65031C
PAGE ntkrnlpa.exe!IoRegisterDeviceInterface 80587924 5 Bytes JMP 8A653594
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 897F971C
PAGE ntkrnlpa.exe!PsImpersonateClient 805CD9A0 5 Bytes JMP B9EC82AA DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.)
PAGE ntkrnlpa.exe!PsDisableImpersonation 805CDC62 5 Bytes JMP B9EC8372 DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.)
PAGE ntkrnlpa.exe!PsRestoreImpersonation 805CDD3A 5 Bytes JMP B9EC8406 DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.)
PAGE ntkrnlpa.exe!PsRevertToSelf 805CDD6E 5 Bytes JMP B9EC8544 DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.)
PAGE ntkrnlpa.exe!PsRevertThreadToSelf 805CDDFE 5 Bytes JMP B9EC84C0 DGMaster.sys (Digital Guardian Agent Master for 2K/XP/Verdasys, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062296E 5 Bytes JMP 8A44237C
PAGE fltmgr.sys!FltLoadFilter + 25E B9E14B92 5 Bytes JMP 89DD07EC
.text NDIS.sys!NdisCompleteBindAdapter B9C8FA44 5 Bytes JMP 8A2ECFCC
PAGENPNP NDIS.sys!NdisRegisterProtocol B9C9617D 5 Bytes JMP 8A2F5D8C
PAGENPNP NDIS.sys!NdisDeregisterProtocol B9CA07FD 5 Bytes JMP 8A2FA2E4
PAGENDSP NDIS.sys!NdisMWanSendComplete + FE2 B9CA624F 5 Bytes JMP 8A49AC14
PAGENDSP NDIS.sys!NdisReset + B7 B9CA6A8F 5 Bytes JMP 8A4A656C
.text tcpip.sys!ARPRcvPacket A7F397FA 5 Bytes JMP 8A49C8B4
.text tcpip.sys!ARPRcv A7F3E2A0 5 Bytes JMP 8A49C7BC
.text tcpip.sys!ARPRcv + AF1 A7F3ED91 5 Bytes JMP 8A43E46C
.text tcpip.sys!ARPRcv + D10 A7F3EFB0 5 Bytes JMP 8A545CC4
.text tcpip.sys!ARPRcv + 3250 A7F414F0 5 Bytes JMP 8A494C14
.text tcpip.sys!IPGetInfo + AAF A7F50C73 5 Bytes JMP 8A49950C
.text tcpip.sys!IPDelayedNdisReEnumerateBindings + 70D A7F5317D 5 Bytes JMP 8A2F0924
.text tcpip.sys!tcpxsum + 11128 A7F671BE 5 Bytes JMP 8A49BA94
.text tcpip.sys!tcpxsum + 11673 A7F67709 5 Bytes JMP 8A49AB1C
.text tcpip.sys!tcpxsum + 11793 A7F67829 5 Bytes JMP 8A497F34
? system32\drivers\yswff.sys The system cannot find the path specified. !
? \DmkServer\??\WINDOWS\System32\ntdll.dll The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 006B000A
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\DGAgent\DgService.exe[692] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0097000A
.text C:\WINDOWS\System32\SCardSvr.exe[728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0064000A
.text C:\WINDOWS\System32\SCardSvr.exe[728] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\SCardSvr.exe[728] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\crypserv.exe[756] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[812] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008C000A
.text C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe[1056] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0093000A
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1388] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 006A000A
.text C:\Program Files\WebEx\Productivity Tools\ptSrv.exe[1432] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 088F000A
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] netapi32.dll!NetShareAdd 5B86FD48 7 Bytes JMP 7803BA2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] netapi32.dll!NetShareSetInfo 5B8710C4 7 Bytes JMP 7803BA60 C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe[1560] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0071000A
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1612] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B8000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] NETAPI32.dll!NetShareAdd 5B86FD48 7 Bytes JMP 7803BA2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1800] NETAPI32.dll!NetShareSetInfo 5B8710C4 7 Bytes JMP 7803BA60 C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\winlogon.exe[1900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[1944] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0064000A
.text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\NOTEPAD.EXE[2224] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[2260] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0065000A
.text ...
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] NETAPI32.dll!NetShareAdd 5B86FD48 7 Bytes JMP 7803BA2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] NETAPI32.dll!NetShareSetInfo 5B8710C4 7 Bytes JMP 7803BA60 C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\locator.exe[2860] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\Program Files\LANDesk\LDClient\softmon.exe[2900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0091000A
.text C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe[2932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009B000A
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[3200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003E000A
.text C:\WINDOWS\system32\hkcmd.exe[3296] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0899000A
.text C:\WINDOWS\system32\igfxpers.exe[3304] ntdll.dll!LdrLoadDll 7C915CBB 3 Bytes JMP 0892000A
.text ...
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!OpenServiceW 77DE5F05 5 Bytes JMP 7804402C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!EnumServicesStatusA 77DED89F 5 Bytes JMP 78043BAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!ControlService 77DEE055 5 Bytes JMP 78043AEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!OpenServiceA 77DEE2AE 5 Bytes JMP 78043F6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!EnumServicesStatusExW 77E36863 3 Bytes JMP 78043DEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!EnumServicesStatusExW + 4 77E36867 1 Byte [00]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!EnumServicesStatusExA 77E36AD7 5 Bytes JMP 78043D2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] ADVAPI32.dll!UnlockServiceDatabase + 73 77E37C04 7 Bytes JMP 78043C6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] GDI32.dll!DeleteDC + 115 77F16F74 7 Bytes JMP 7800D20C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] USER32.dll!GetWindowRgnBox + 97 7E41FC20 7 Bytes JMP 7801A47C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] USER32.dll!CreateWindowExW + 309 7E41FF2E 7 Bytes JMP 7801A3BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] SHELL32.dll!SHCreateDirectoryExA + 5F21 7CA6FDE9 7 Bytes JMP 7801277C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] SHELL32.dll!SHFileOperationW + 2E3 7CA700D1 7 Bytes JMP 780126BC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WININET.dll!InternetLockRequestFile + 25E8 771CE9A4 7 Bytes JMP 7804EECC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 7804920C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 7804892C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!connect 71AB406A 5 Bytes JMP 780487AC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!send 71AB428A 5 Bytes JMP 780489EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 78048DAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSAEnumNetworkEvents 71AB4617 5 Bytes JMP 78048CEC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 780492CC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!recv 71AB615A 5 Bytes JMP 7804886C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 78048E6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 780486EC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSAAsyncSelect 71AC0979 5 Bytes JMP 78048B6C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 78048C2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 78048AAC C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] NETAPI32.dll!NetShareAdd 5B86FD48 7 Bytes JMP 7803BA2C C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[3368] NETAPI32.dll!NetShareSetInfo 5B8710C4 7 Bytes JMP 7803BA60 C:\WINDOWS\System32\DgApi.dll (DgApiMon Dynamic Link Library/Verdasys, Inc.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0076000A
.text C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe[3564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008F000A
.text C:\Program Files\WebEx\Productivity Tools\PTIM.exe[3568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0093000A
.text C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe[3588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3592] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text ...
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!GetWindowLongW 7E4188A6 5 Bytes JMP 0033F817 C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 0033FA2A C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!GetWindowLongA 7E41945D 5 Bytes JMP 0033F760 C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!SetWindowLongA 7E41D60D 5 Bytes JMP 0033F57E C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!SetWindowLongW 7E41D62B 5 Bytes JMP 0033F67C C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!GetScrollInfo 7E420DA2 5 Bytes JMP 0033F962 C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 0033FB31 C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[3628] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 0033FC38 C:\Program Files\WebEx\Productivity Tools\ptSknMgr.dll (WebEx One-Click atsknmgr/WebEx Communications Inc.)
.text C:\WINDOWS\system32\AESTFltr.exe[3696] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0098000A
.text C:\Program Files\IDT\WDM\sttray.exe[3704] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003E000A
.text C:\Program Files\DGAgent\DgScan.exe[3816] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0093000A
.text C:\Documents and Settings\sfratian\Desktop\o0qzvldl.exe[3956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 089B000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!CreateDCW] 009A0078
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!DeleteDC] 009A009C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteDC] 009A009C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 009A00E4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetClipboardData] 009A00C0
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DispatchMessageW] 009A0174
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] 009A0468
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableA] 009A0228
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] 009A03D8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableW] 009A024C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] 009A0348
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocA] 009A0030
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocW] 009A000C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCA] 009A0054
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCW] 009A0078
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteDC] 009A009C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] 009A0468
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileA] 009A03D8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 009A02DC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileA] 009A0348
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DispatchMessageW] 009A0174
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!DeleteFileA] 009A03D8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileA] 009A0348
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileExA] 009A0390
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] 009A0468
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 009A02DC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileA] 009A03D8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] 009A0468
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!CreateDCW] 009A0078
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteDC] 009A009C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 009A03B4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] 009A0468
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetEnvironmentVariableW] 009A024C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileWithProgressW] 009A0444
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 009A0300
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DispatchMessageW] 009A0174
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetClipboardData] 009A00C0
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 009A00E4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 009A03B4
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesW] 009A048C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileW] 009A036C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetEnvironmentVariableW] 009A024C
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] 009A03FC
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 009A02B8
IAT c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe[316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesExW] 009A04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] 008E0468
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableA] 008E0228
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] 008E03D8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableW] 008E024C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] 008E0348
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!CreateDCW] 008E0078
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!DeleteDC] 008E009C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteDC] 008E009C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 008E00E4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetClipboardData] 008E00C0
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DispatchMessageW] 008E0174
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!CreateDCW] 008E0078
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteDC] 008E009C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 008E03B4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] 008E0468
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetEnvironmentVariableW] 008E024C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileWithProgressW] 008E0444
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 008E0300
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DispatchMessageW] 008E0174
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetClipboardData] 008E00C0
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008E00E4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocA] 008E0030
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocW] 008E000C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCA] 008E0054
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCW] 008E0078
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteDC] 008E009C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] 008E0468
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileA] 008E03D8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 008E02DC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileA] 008E0348
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DispatchMessageW] 008E0174
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 008E03B4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileW] 008E036C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetEnvironmentVariableW] 008E024C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 008E02B8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!DeleteFileA] 008E03D8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileA] 008E0348
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileExA] 008E0390
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] 008E0468
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 008E02DC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileA] 008E03D8
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileW] 008E03FC
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] 008E0468
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesW] 008E048C
IAT C:\WINDOWS\System32\SCardSvr.exe[728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesExW] 008E04D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!CreateDCW] 00770078
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteDC] 0077009C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 007703B4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] 00770468
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetEnvironmentVariableW] 0077024C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileWithProgressW] 00770444
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 00770300
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DispatchMessageW] 00770174
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetClipboardData] 007700C0
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 007700E4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!CreateDCW] 00770078
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!DeleteDC] 0077009C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] 00770468
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableA] 00770228
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] 007703D8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableW] 0077024C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] 00770348
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocA] 00770030
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocW] 0077000C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCA] 00770054
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCW] 00770078
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteDC] 0077009C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] 00770468
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileA] 007703D8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 007702DC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileA] 00770348
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DispatchMessageW] 00770174
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!DeleteFileA] 007703D8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileA] 00770348
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileExA] 00770390
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] 00770468
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 007702DC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileA] 007703D8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] 00770468
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteDC] 0077009C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 007700E4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetClipboardData] 007700C0
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DispatchMessageW] 00770174
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 007703B4
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesW] 0077048C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileW] 0077036C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetEnvironmentVariableW] 0077024C
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] 007703FC
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 007702B8
IAT C:\WINDOWS\system32\crypserv.exe[756] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesExW] 007704D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] 01220468
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableA] 01220228
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] 012203D8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetEnvironmentVariableW] 0122024C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] 0122036C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] 01220348
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] 0122036C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesExW] 012204D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 012202B8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!CreateDCW] 01220078
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!DeleteDC] 0122009C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 012202B8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!MoveFileW] 0122036C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 012202B8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteDC] 0122009C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] 012204D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 012200E4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetClipboardData] 012200C0
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DispatchMessageW] 01220174
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocA] 01220030
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!StartDocW] 0122000C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCA] 01220054
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!CreateDCW] 01220078
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteDC] 0122009C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] 01220468
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileA] 012203D8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 012202DC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 012202B8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileA] 01220348
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MoveFileW] 0122036C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesExW] 012204D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DispatchMessageW] 01220174
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!CreateDCW] 01220078
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteDC] 0122009C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 012203B4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 012202B8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] 01220468
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetEnvironmentVariableW] 0122024C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] 0122036C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] 012204D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileWithProgressW] 01220444
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 01220300
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DispatchMessageW] 01220174
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetClipboardData] 012200C0
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 012200E4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!DeleteFileA] 012203D8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileA] 01220348
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MoveFileExA] 01220390
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] 01220468
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 012202DC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileA] 012203D8
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileW] 012203FC
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] 01220468
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesW] 0122048C
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesExW] 012204D4
IAT C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!MoveFileExW] 012203B4

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs DGFSMon.SYS (Digital Guardian Agent File System Filter for 2K/XP/Verdasys, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip Code 8A43E468
Device \Driver\Tcpip \Device\Ip Code 8A545CC0

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \FileSystem\Lbd \Device\Lbd Code 8A338BA0
Device \FileSystem\Lbd \Device\Lbd Code 893D61C8
Device \FileSystem\Lbd \Device\Lbd Code 8A2FF968
Device \Driver\Tcpip \Device\Tcp Code 8A43E468
Device \Driver\Tcpip \Device\Tcp Code 8A545CC0

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 DGBusMon.SYS (Digital Guardian Agent Bus Filter for 2K/XP/Verdasys, Inc.)
Device \Driver\Tcpip \Device\Udp Code 8A43E468
Device \Driver\Tcpip \Device\Udp Code 8A545CC0

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp Code 8A43E468
Device \Driver\Tcpip \Device\RawIp Code 8A545CC0

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI Code 8A4BCDF8
Device \Driver\Tcpip \Device\IPMULTICAST Code 8A43E468
Device \Driver\Tcpip \Device\IPMULTICAST Code 8A545CC0
Device \Driver\Ftdisk \Device\FtControl DGBusMon.SYS (Digital Guardian Agent Bus Filter for 2K/XP/Verdasys, Inc.)

---- EOF - GMER 1.0.15 ----

#7
fenzodahl512


  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#8
sfratian


    New Member

  • Topic Starter
  • Member
  • 8 posts
Seems to be fixed now, thanks

ComboFix 09-07-12.01 - SFRATIAN 07/12/2009 18:26.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2000.1526 [GMT -4:00]
Running from: c:\documents and settings\sfratian\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1047532320-1803602521-3475507049-500
c:\recycler\S-1-5-21-1173567601-3189076136-2429062594-500
c:\recycler\S-1-5-21-1343024091-920026266-1708537768-1003
c:\recycler\S-1-5-21-144134544-2773917784-942327672-500
c:\recycler\S-1-5-21-1640420806-2255033184-340925868-500
c:\recycler\S-1-5-21-1709678644-2498472479-3300983881-500
c:\recycler\S-1-5-21-1862556660-4014549461-1423695893-500
c:\recycler\S-1-5-21-2151095828-4276736086-1446918067-500
c:\recycler\S-1-5-21-2408637986-3676211530-1275314624-500
c:\recycler\S-1-5-21-247229998-4125729038-3290907784-500
c:\recycler\S-1-5-21-2484363612-2337006901-1645355929-500
c:\recycler\S-1-5-21-2492778607-77696617-4034382057-500
c:\recycler\S-1-5-21-2743500355-4048574507-1854606710-500
c:\recycler\S-1-5-21-2846328538-1719086017-3738189747-500
c:\recycler\S-1-5-21-3105531810-2124830766-2087855637-500
c:\recycler\S-1-5-21-3131184738-2703550487-176284893-500
c:\recycler\S-1-5-21-3349571949-729027993-2724918661-500
c:\recycler\S-1-5-21-3378358662-592161605-1328078631-500
c:\recycler\S-1-5-21-3427328553-2323516562-3899912785-500
c:\recycler\S-1-5-21-3521298621-644244665-3309812891-500
c:\recycler\S-1-5-21-3603168189-1934178952-3559926047-500
c:\recycler\S-1-5-21-3844616200-3524276787-420604860-500
c:\recycler\S-1-5-21-3853299344-1696461873-343515072-500
c:\recycler\S-1-5-21-3870703291-912754136-1138329098-500
c:\recycler\S-1-5-21-3892889455-3699363918-2259394370-500
c:\recycler\S-1-5-21-3903780399-2630379904-1442914914-500
c:\recycler\S-1-5-21-3924146356-1005318136-2229829565-500
c:\recycler\S-1-5-21-3971502809-3283066428-2318789578-500
c:\recycler\S-1-5-21-4100265361-2938225829-2867136269-500
c:\recycler\S-1-5-21-4117009021-3973331601-2870699074-500
c:\recycler\S-1-5-21-4138524597-45147303-2554717072-1003
c:\recycler\S-1-5-21-4138524597-45147303-2554717072-500
c:\recycler\S-1-5-21-548863588-420992912-3538139870-500
c:\recycler\S-1-5-21-726769483-2009755280-2052215716-500
c:\recycler\S-1-5-21-831142950-3331414404-242623587-500
c:\recycler\S-1-5-21-852939637-402426186-454208632-500
c:\recycler\S-1-5-21-979108748-1210766989-2837108512-500
c:\windows\system32\drivers\hjgruiytjplamu.sys
c:\windows\system32\hjgruidctilcnc.dat
c:\windows\system32\hjgruihwuuowoc.dll
c:\windows\system32\hjgruipaiohjiv.dll
c:\windows\system32\hjgruipeddaqrh.dat
c:\windows\system32\iAlmcoin.dll

----- BITS: Possible infected sites -----

hxxp://cdcsusv02.na.convergys.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruixysxipyk


((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 19:20 . 2009-07-12 19:21 -------- d-----w- c:\program files\ERUNT
2009-07-09 03:03 . 2009-07-09 03:03 -------- d-----w- c:\program files\Trend Micro
2009-07-08 20:21 . 2009-02-12 23:04 876144 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\NAVEX15.SYS
2009-07-08 20:21 . 2009-02-12 23:04 89104 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\NAVENG.SYS
2009-07-08 20:21 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\NAVEX32A.DLL
2009-07-08 20:21 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\NAVENG32.DLL
2009-07-08 20:21 . 2009-06-11 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\ECMSVR32.DLL
2009-07-08 20:21 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\CCERASER.DLL
2009-07-08 20:21 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\ERASER.SYS
2009-07-08 20:21 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d9603.vdb\EECTRL.SYS
2009-07-08 20:20 . 2009-07-01 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\ECMSVR32.DLL
2009-07-08 20:20 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\CCERASER.DLL
2009-07-08 20:20 . 2009-02-12 23:04 876144 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\NAVEX15.SYS
2009-07-08 20:20 . 2009-02-12 23:04 89104 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\NAVENG.SYS
2009-07-08 20:20 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\NAVEX32A.DLL
2009-07-08 20:20 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\NAVENG32.DLL
2009-07-08 20:20 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\ERASER.SYS
2009-07-08 20:20 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2dc204.vdb\EECTRL.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 22:36 . 2009-05-22 15:58 -------- d-----w- c:\program files\DGAgent
2009-07-12 22:21 . 2009-03-02 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2009-07-12 22:21 . 2005-02-01 12:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-12 22:19 . 2009-03-02 18:21 40 ----a-w- c:\windows\system32\profile.dat
2009-07-12 19:26 . 2009-07-12 19:26 -------- d-----w- c:\documents and settings\sfratian\Application Data\Malwarebytes
2009-07-12 19:26 . 2009-07-12 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 19:26 . 2009-07-12 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 20:23 . 2009-04-26 17:15 -------- d-----w- c:\program files\PokerRoom.com
2009-07-08 21:17 . 2009-06-23 03:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-08 21:17 . 2009-06-23 03:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-08 21:17 . 2009-06-23 03:12 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 03:17 . 2009-06-23 03:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 03:17 . 2009-06-23 03:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 03:17 . 2009-06-23 03:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 03:17 . 2009-06-23 03:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 03:16 . 2009-06-09 03:12 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-30 03:15 . 2009-06-09 03:12 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 03:15 . 2009-06-09 03:12 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 03:15 . 2009-06-23 03:12 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 03:15 . 2009-06-23 03:12 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 03:15 . 2009-06-23 03:12 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 03:14 . 2009-06-23 03:12 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 03:13 . 2009-06-23 03:12 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 03:13 . 2009-06-23 03:12 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 03:13 . 2009-06-23 03:12 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-17 15:27 . 2009-07-12 19:26 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-07-12 19:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 03:12 . 2009-06-09 03:12 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 03:12 . 2009-04-20 03:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 17:25 . 2009-04-13 21:43 -------- d-----w- c:\documents and settings\sfratian\Application Data\Webex
2009-05-29 17:25 . 2009-04-14 14:52 27976 ----a-w- c:\documents and settings\sfratian\Application Data\Webex\PlugIns\T26L10NSP49EP23\ptgpcdec.dll
2009-05-22 15:58 . 2009-05-22 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{C1546EE8-A398-459C-B287-8EA84C4A58D3}
2009-05-22 04:05 . 2009-05-22 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-05-01 14:13 . 2009-05-01 14:13 57344 ----a-w- c:\documents and settings\sfratian\Application Data\Sun\Java\Deployment\javaws\cache\https\Dquickconnect.convergys.com\P-1\DMqcjars\RNfrmwrk_client_dlls.jar\tray.dll
2009-05-01 14:13 . 2009-05-01 14:13 270624 ----a-w- c:\documents and settings\sfratian\Application Data\Sun\Java\Deployment\javaws\cache\https\Dquickconnect.convergys.com\P-1\DMqcjars\RNfrmwrk_client_dlls.jar\corojdk11.dll
2009-05-01 14:13 . 2009-05-01 14:13 122880 ----a-w- c:\documents and settings\sfratian\Application Data\Sun\Java\Deployment\javaws\cache\https\Dquickconnect.convergys.com\P-1\DMqcjars\RNfrmwrk_client_dlls.jar\jdic.dll
2009-04-29 04:52 . 2004-08-24 00:32 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 03:12 . 2009-04-27 03:12 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-27 03:12 . 2009-04-20 03:12 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-20 12:15 . 2009-04-14 14:52 74313 ----a-w- c:\documents and settings\sfratian\Application Data\Webex\PlugIns\T26L10NSP49EP23\ptIEGpc.dll
2009-04-17 19:06 . 2009-04-13 21:57 577 ----a-w- c:\documents and settings\sfratian\Application Data\MT.dat
2009-04-17 09:58 . 2002-08-29 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-01-31 18:21 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 14:16 . 2009-04-15 14:16 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2009-04-15 14:15 . 2009-04-15 14:15 202832 ----a-w- c:\windows\system32\atasnt40.dll
2009-04-14 14:52 . 2009-04-14 14:52 98712 ----a-w- c:\documents and settings\sfratian\Application Data\Webex\PlugIns\T26L10NSP49EP23\ieatgpc.dll
2009-04-14 14:52 . 2009-04-14 14:52 32768 ----a-w- c:\documents and settings\sfratian\Application Data\Webex\PlugIns\T26L10NSP49EP23\ptexmeet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2009-04-28 210248]
"ptmsgfrm.exe"="c:\program files\WebEx\Productivity Tools\ptmsgfrm.exe" [2009-04-28 42312]
"PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2009-04-28 165192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-15 125632]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2006-12-04 323584]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-27 471040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]

c:\documents and settings\sfratian\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1456251243-1460225243-1646622757-77536\Scripts\Logon\0\0]
"Script"=Facetime_Config.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1456251243-1460225243-1646622757-77536\Scripts\Logon\1\0]
"Script"=TrustedSites.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1456251243-1460225243-1646622757-77536\Scripts\Logon\1\1]
"Script"=GlobalIEsettings.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGAPIMon.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGBUSMon.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DgDmk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DgDmkl.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDS.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDSL.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDT.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGDTL.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgfiltr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGFSMon.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGKPMail.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGMaster.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgrec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRule.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGUSBMon.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProtectedStorage]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 DGBusMon;DGBusMon;c:\windows\system32\drivers\DGBUSMon.sys [12/4/2008 5:59 PM 42112]
R0 DGDmk;DGDmk;c:\windows\system32\drivers\dgdmk.sys [12/4/2008 5:49 PM 285952]
R0 DGDS;DGDS;c:\windows\system32\drivers\dgds.sys [12/4/2008 5:50 PM 166144]
R0 DGDT;DGDT;c:\windows\system32\drivers\dgdt.sys [12/4/2008 5:51 PM 132608]
R0 DGMaster;DGMaster;c:\windows\system32\drivers\DGMaster.sys [12/4/2008 5:47 PM 577024]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/19/2009 11:12 PM 64160]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [11/21/2006 3:03 PM 122880]
R2 DGService;Usage History Monitor;c:\program files\DGAgent\DgService.exe [12/4/2008 5:57 PM 212992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [3/14/2007 8:48 PM 116416]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [3/2/2009 2:16 PM 262144]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/3/2009 3:06 PM 112128]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [3/2/2009 3:06 PM 32808]
R3 DGAPIMon;DGAPIMon;c:\windows\system32\drivers\DGAPIMon.sys [12/4/2008 5:59 PM 115328]
R3 DGCOTMAN;DGCOTMAN;c:\windows\system32\drivers\DGCotMan.sys [12/4/2008 5:50 PM 116096]
R3 DGFSMon;DGFSMon;c:\windows\system32\drivers\dgfsmon.SYS [12/4/2008 5:54 PM 90624]
R3 DGKPMail;DGKPMail;c:\windows\system32\drivers\DGKPMail.sys [12/4/2008 5:58 PM 32896]
R3 DGRule;DGRule;c:\windows\system32\drivers\DGRule.sys [12/4/2008 5:58 PM 97280]
R3 DGScan;Usage History Scanning Service;c:\program files\DGAgent\DgScan.exe [12/4/2008 5:56 PM 290816]
R3 DGTDIMon;DGTDIMon;c:\windows\system32\drivers\DGTDIMon.sys [12/4/2008 5:59 PM 127232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/2/2009 3:06 PM 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [3/2/2009 2:24 PM 11001]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/2/2009 2:23 PM 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/2/2009 3:07 PM 110080]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [3/2/2009 2:16 PM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [3/2/2009 2:16 PM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [3/2/2009 2:16 PM 3712]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [3/2/2009 2:24 PM 148688]
S3 DGDmkl;DGDmkl;c:\windows\system32\drivers\dgdmkl.sys [12/4/2008 5:50 PM 287104]
S3 DGDSL;DGDSL;c:\windows\system32\drivers\dgdsl.sys [12/4/2008 5:50 PM 167040]
S3 DGDTL;DGDTL;c:\windows\system32\drivers\dgdtl.sys [12/4/2008 5:51 PM 134784]
S3 DGFILTR;DGFILTR;c:\windows\system32\drivers\dgfiltr.sys [12/4/2008 5:47 PM 62208]
S3 DGREC;DGREC;c:\windows\system32\drivers\dgrec.sys [12/4/2008 5:46 PM 34560]
S3 DGUSBMon;DGUSBMon;c:\windows\system32\drivers\DGUSBMon.sys [12/4/2008 5:53 PM 51456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = ;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.convergys.com;wms
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: convergys.com
Trusted Zone: convergys.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\:DG1__DS_VOL_HDR 3072 bytes hidden from API
C:\cmdcons:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\ComboFix:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\Documents and Settings:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\I386:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\My Downloads:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\My WebEx Documents:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\Notes:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\old profile:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\Qoobox:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\ROTT:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\SNAP:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\temp:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\WORD:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\_OTMoveIt:DG1__DS_DIR_HDR 3072 bytes hidden from API
C:\drv:DG1__DS_DIR_HDR 3072 bytes hidden from API

scan completed successfully
hidden files: 17

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-12 18:41
ComboFix-quarantined-files.txt 2009-07-12 22:41

Pre-Run: 135,934,021,632 bytes free
Post-Run: 136,362,541,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

305 --- E O F --- 2009-06-19 10:36

#9
sfratian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:32 PM, on 7/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\CF17054.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.*.convergys.com;*.*.cbis.com;155.90.*.*;*.convergys.com;wms
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://mycvg.convergys.com
O15 - Trusted Zone: *.convergys.com
O15 - Trusted Zone: *.convergys.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230907996093
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse...BGamePlayer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://convergys3.w...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\Software\..\Telephony: DomainName = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.convergys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = img.convergys.com,cmg.convergys.com,oz.convergys.com,convergys.com,na.convergys.com
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Usage History Scanning Service (DGScan) - Unknown owner - C:\Program Files\DGAgent\DgScan.exe
O23 - Service: Usage History Monitor (DGService) - Unknown owner - C:\Program Files\DGAgent\DgService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 9477 bytes

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
Does the computer use the DGAgent program? What does DGAgent do? :)

#11
sfratian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes, I use DGAgent. It is an encryption program that secures all the information on my computer.

#12
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





