11-01-2008, 03:53 AM   #1
Molmeister
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: XP


CPU usage @ 100%

*** REDIRECTED FROM WINXP SUPPORT INDICATING MALWARE ISSUE***

Hi -

There's plenty to be said about CPU usage at 100% but it all seems pretty specific to the user and mine is no exception - by the way, it's taken a good 15 mins and a few IE crashes to get this far!

Some background:
OS XP - SP3
3.4GHz P4
1GB RAM
200GB HDD

No apps open apart from IE

CPU Usage 100% PF Usage 502MB (not sure what this is)

Top 3 processes eating CPU usage (give or take)

ULCDRSvr.exe. - 45% (I do have Ulead installed & have had for a year or so)
WKUFind.exe. - 35% (Seems MS related- so not sure if I should kill it)
CSRSS.exe - 21% (Most sites indicate MS related but a few indicate a virus!)

I've bought and run a registry cleaner, which took over 24 hours to run and a further 12 to clean. I use Kaspersky Internet Security v8 - all up to date - and run Ad-Aware 08.

Any thoughts - coz I'm at my wits end (albeit glad this post didn't crash my PC!)

Many thanks in advance

The GMER text is pasted below as I can't attach it. Info is attached

Can't thank anyone enough 4 any assistance

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-31 18:02:33
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA60481A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xAA604DC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xAA60682A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xAA6061E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xAA603F90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAA60818C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xAA604BC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xAA6043D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xAA6045D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xAA6064EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xAA608698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xAA6046E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xAA604750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xAA6063A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xAA607C50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xAA60603C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xAA6040F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xAA6049E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xAA6081B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xAA60493E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xAA6047B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA6044BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xAA60429A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xAA607EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xAA603C12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA6070B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xAA603D74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xAA608568]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xAA603A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xAA6066CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xAA604CC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xAA607D4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xAA6081E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xAA604148]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xAA6082C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xAA6083F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xAA607B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xAA604A92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xAA604B04]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [ C4, 82, 60, AA, F0, 83, 60, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFAE 5 Bytes JMP AA61B3D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4593 5 Bytes JMP AA61B01C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

---- User code sections - GMER 1.0.14 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[964] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[964] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1828] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1828] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2672] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2672] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDEDF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDEDF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\point32.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F6DDED40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[528] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405238
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051D3
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051A1
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[924] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 007A52EC
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007A52EC
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007A5238
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007A51D3
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007A51A1
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 007A5877
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 007A52EC
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 007A55AD
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 007A5877
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 007A5877
IAT C:\WINDOWS\system32\services.exe[1244] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 007A55AD
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD52EC
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD5238
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD51D3
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD51A1
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00FD5238
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD52EC
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00FD5238
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00FD51D3
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FD55AD
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FD5877
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FD5877
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FD55AD
IAT C:\WINDOWS\system32\lsass.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FD5877
IAT C:\WINDOWS\system32\svchost.exe[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F951A1
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BD52EC
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BD5238
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BD51D3
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BD51A1
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BD55AD
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BD5877
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BD5877
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BD55AD
IAT C:\WINDOWS\system32\svchost.exe[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BD5877
IAT C:\WINDOWS\system32\svchost.exe[1508] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BD52EC
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 03C852EC
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 03C85238
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 03C851D3
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 03C851A1
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 03C855AD
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 03C85877
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 03C85877
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 03C855AD
IAT C:\WINDOWS\System32\svchost.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 03C85877
IAT C:\WINDOWS\System32\svchost.exe[1620] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 03C852EC
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006852EC
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00685238
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006851D3
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006851A1
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 006855AD
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00685877
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00685877
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 006855AD
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00685877
IAT C:\WINDOWS\system32\svchost.exe[1652] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006852EC
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[2244] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B852EC
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B85238
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B851D3
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B851A1
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B855AD
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B85877
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B852EC
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B85877
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B855AD
IAT C:\WINDOWS\System32\alg.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B85877
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405238
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051D3
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051A1
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\WINDOWS\System32\svchost.exe[2608] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe[2620] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405238
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051D3
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051A1
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\Program Files\Messenger\msmsgs.exe[3000] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\iPod\bin\iPodService.exe[3220] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\Program Files\palmOne\Hotsync.exe[3308] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 00D85877
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D852EC
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D85238
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D851D3
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D851A1
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D855AD
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D85877
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D85877
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D85877
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D855AD
IAT C:\WINDOWS\Explorer.EXE[3404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D852EC
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405238
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051D3
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052EC
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055AD
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405877
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135238
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351D3
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351A1
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135877
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001352EC
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355AD
IAT C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[4060] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135877

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.14 ----

Thread 532:3864 00365125
Thread 532:3084 003A5125
Thread 532:2384 00525125
Thread 2364:3560 00405125
Thread 2364:2956 002A5125

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\twain_32 0 bytes
File C:\WINDOWS\system32\twain_32\local.ds 22803 bytes
File C:\WINDOWS\system32\twain_32\user.ds 0 bytes
File C:\WINDOWS\system32\twext.exe 52224 bytes executable

---- EOF - GMER 1.0.14 ----
Attached Files
File Type: txt info.txt (17.7 KB, 1 views)