Hijackthislog

lashaun84 · May 10, 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:08:33 PM, on 10/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe

C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\1522232968.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: C:\WINDOWS\system32\kjsdiowq8oikf.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKCU\..\Run: [igfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector

O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe

O4 - HKCU\..\Run: [sfKg6wIPuSpdc] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe

O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\1522232968.exe

O4 - HKCU\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe

O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3119620228.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\mvtmymxi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx

O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab

O20 - AppInit_DLLs: bvqtzn.dll

O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll

O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7561 bytes

Andro1d · May 10, 2009

Hello and Welcome to the forums.

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

Looking at your system now, one or more of the identified infections is a backdoor application which can allow attackers to access your computer, stealing passwords and personal data.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

With that said, please do the following.

Step 1

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

lashaun84 · May 12, 2009

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 18:45:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\ntos.exe 191488 bytes executable

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes

C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 4

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Mon 16 Jun 2008 5,237 A..H. --- "C:\TEMP\t4.bak"

Tue 17 Jun 2008 8,941 A..H. --- "C:\TEMP\t4.bak1"

Tue 17 Jun 2008 9,458 A..H. --- "C:\TEMP\t4.bak2"

Sat 23 Aug 2008 6,464 A..H. --- "C:\TEMP\t4.bak3"

Mon 20 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\d4dhv2gu.exe"

Fri 1 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\j1icns6s.exe"

Thu 30 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\kscs4o5ayb.exe"

Thu 23 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\ml2i872r.exe"

Mon 4 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\mvtmymxi.exe"

Sun 3 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\ur40dz.exe"

Fri 11 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 12 Mar 2009 158,426 ...H. --- "C:\Program Files\Yahoo! Games\Finders Keepers\Uninstall.exe"

Tue 5 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 20 Dec 2008 7,478,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp"

Fri 20 Jun 2008 8,723,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp"

Fri 17 Oct 2008 7,281,784 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp"

Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Andro1d · May 13, 2009

Hey,

Download GMER from here:

http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show all".

Click on Scan.

When the scan has run click Copy and paste the results (if any) into this thread.

lashaun84 · May 13, 2009

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-13 15:04:34

Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[3896] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00814416

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008143A8

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0081436A

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00814337

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00814A7E

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00814A23

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0081471E

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 008149F7

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00814A23

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00814A4F

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00814A7E

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0081471E

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00814A23

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00814A7E

IAT C:\WINDOWS\system32\wscntfy.exe[184] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00814416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[308] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[316] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\QuickTime\qttask.exe[488] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007B4416

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007B43A8

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007B436A

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007B4337

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 007B471E

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 007B4A23

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 007B4A7E

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 007B4416

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 007B4A7E

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 007B4A23

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 007B471E

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 007B49F7

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 007B4A23

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 007B4A4F

IAT C:\WINDOWS\System32\alg.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 007B4A7E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00F14416

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F14416

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F143A8

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F1436A

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F14337

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00F1471E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00F14A23

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00F14A7E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00F14A7E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00F14A23

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00F1471E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00F149F7

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00F14A23

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00F14A4F

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00F14A7E

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F14416

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C24416

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C243A8

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C2436A

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C24337

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00C243A8

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C24416

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00C243A8

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00C2436A

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00C2471E

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00C24A23

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00C24A7E

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00C24A7E

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00C24A23

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00C2471E

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00C249F7

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00C24A23

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00C24A4F

IAT C:\WINDOWS\system32\lsass.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00C24A7E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[704] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[840] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B94337

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00764416

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007643A8

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0076436A

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00764337

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0076471E

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00764A23

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00764A7E

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00764A7E

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00764A23

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0076471E

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 007649F7

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00764A23

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00764A4F

IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00764A7E

IAT C:\WINDOWS\system32\svchost.exe[904] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00764416

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 012D4416

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 012D43A8

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 012D436A

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 012D4337

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 012D471E

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 012D4A23

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 012D4A7E

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 012D4A7E

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 012D4A23

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 012D471E

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 012D49F7

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 012D4A23

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 012D4A4F

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 012D4A7E

IAT C:\WINDOWS\System32\svchost.exe[944] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 012D4416

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E43A8

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E436A

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009E4337

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 009E49F7

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 009E4A4F

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004043A8

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040436A

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404337

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 004049F7

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00404A4F

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006A43A8

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006A436A

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006A4337

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 006A471E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 006A471E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006A49F7

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 006A4A4F

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E43A8

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E436A

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009E4337

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 009E49F7

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 009E4A4F

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB43A8

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB436A

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DB4337

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DB471E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00DB49F7

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00DB4A4F

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00DB471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C43A8

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003C436A

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 003C4337

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 003C471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 003C471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 003C49F7

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 003C4A4F

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004043A8

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040436A

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404337

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 004049F7

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00404A4F

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\system32\rundll32.exe[1848] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004043A8

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040436A

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404337

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 004049F7

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00404A4F

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\Program Files\Messenger\msmsgs.exe[1888] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\WINDOWS\System32\hkcmd.exe[1956] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[1960] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\Explorer.EXE [uSER32.dll!GetMessageW] 00D54A23

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\Explorer.EXE [uSER32.dll!PeekMessageW] 00D54A7E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D54416

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D543A8

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D5436A

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D54337

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00D549F7

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00D54A23

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00D54A4F

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00D54A7E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00D54A7E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00D54A23

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00D5471E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00D5471E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00D54A23

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00D54A7E

IAT C:\WINDOWS\Explorer.EXE[2004] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D54416

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[3564] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD7832] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDE927] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 00000000

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [7C80E94F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [7C9174E9] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C80EA2B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80C068] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C80978A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C80A0E4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C809A19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809C08] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C810647] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80BDC6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C830D94] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809B57] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80180E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C810B9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C801A24] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C831EF5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C860B1F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C835E12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C802442] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C801E16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C830A01] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C8092B8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BE11] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809F01] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809740] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C8098FB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81CE13] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C91137A] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C801625] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C834D89] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80ABD1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809E11] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809E89] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809776] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [771248C0] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7712503F] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [77125010] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [771250DE] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77124920] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77124B59] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7714C780] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77F72240] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77F8C41E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77F6818C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 00000000

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77D6FE82] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77D4EEF7] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77D4DB62] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [77D4BD8E] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77D48A58] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [77D4D935] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77D6F7A8] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [77D6E083] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77D85B10] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77D6EDC3] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77D4B7DB] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77D4FDAE] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [77D48F75] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77D4EEE5] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77D6FCB2] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000000

IAT C:\WINDOWS\System32\svchost.exe[3896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [771B7138] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [81A8D982] NDIS.sys[.reloc]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\ntos.exe 191488 bytes executable

File C:\WINDOWS\system32\wsnpoem 0 bytes

File C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes

File C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes

File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 161536/182912 bytes executable

---- EOF - GMER 1.0.15 ----

Andro1d · May 13, 2009

Hi again,

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")

Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:processes
explorer.exe

:registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nidle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DigiFast
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2BA40A2-74F0-42BD-F434-12345A2C8953}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C2BA40A1-74F3-42BD-F434-12345A2C8953}

:files
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp
C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp
C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp
C:\WINDOWS\temp\d4dhv2gu.exe
C:\WINDOWS\temp\j1icns6s.exe
C:\WINDOWS\temp\kscs4o5ayb.exe
C:\WINDOWS\temp\ml2i872r.exe
C:\WINDOWS\temp\mvtmymxi.exe
C:\WINDOWS\temp\ur40dz.exe
C:\Documents and Settings\Owner\Application Data\nidle
C:\WINDOWS\system32\wsnpoem
C:\Documents and Settings\Owner\Application Data\digifast
 C:\WINDOWS\system32\kjsdiowq8oikf.dll
C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
C:\WINDOWS\system32\sdrgfcvbf.dll 
C:\WINDOWS\system32\kjsdiowq8oikf.dl

:commands
[purity]
[emptytemp]
[start explorer]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

lashaun84 · May 14, 2009

========== PROCESSES ==========

Process explorer.exe killed successfully.

Error: Unable to interpret <:registry> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nidle> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DigiFast> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2BA40A2-74F0-42BD-F434-12345A2C8953}> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C2BA40A1-74F3-42BD-F434-12345A2C8953}> in the current context!

========== FILES ==========

File/Folder C:\WINDOWS\system32\ntos.exe not found.

C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp moved successfully.

C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp moved successfully.

C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp moved successfully.

C:\WINDOWS\temp\d4dhv2gu.exe moved successfully.

C:\WINDOWS\temp\j1icns6s.exe moved successfully.

C:\WINDOWS\temp\kscs4o5ayb.exe moved successfully.

C:\WINDOWS\temp\ml2i872r.exe moved successfully.

C:\WINDOWS\temp\mvtmymxi.exe moved successfully.

C:\WINDOWS\temp\ur40dz.exe moved successfully.

C:\Documents and Settings\Owner\Application Data\nidle moved successfully.

File/Folder C:\WINDOWS\system32\wsnpoem not found.

Folder move failed. C:\Documents and Settings\Owner\Application Data\digifast scheduled to be moved on reboot.

C:\WINDOWS\system32\kjsdiowq8oikf.dll NOT unregistered.

C:\WINDOWS\system32\kjsdiowq8oikf.dll moved successfully.

DllUnregisterServer procedure not found in C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll

C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll NOT unregistered.

C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll moved successfully.

C:\WINDOWS\system32\sdrgfcvbf.dll NOT unregistered.

C:\WINDOWS\system32\sdrgfcvbf.dll moved successfully.

File/Folder C:\WINDOWS\system32\kjsdiowq8oikf.dl not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05142009_185305

Files moved on Reboot...

C:\Documents and Settings\Owner\Application Data\digifast moved successfully.

C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe moved successfully.

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 not found!

File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_614.dat not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite moved successfully.

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl moved successfully.

Andro1d · May 15, 2009

Please post a new HJT log.

lashaun84 · May 15, 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:59:28 PM, on 15/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\BN2.tmp

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)