Infected with popup malware


  • This topic is locked
15 replies to this topic

#1 rlgosselin

rlgosselin

  • Members
  • 10 posts

Posted 25 April 2009 - 03:45 PM

I randomly get popup ads that I can't always get rid of. They show up on my desktop and when I use the Windows task manager to end task it often closes Internet Explorer as well. The one I have on my desktop now is "Contectual ads by Snappyads - Windows Internet Explorer". I have McAfee Security Center installed and running but it doesn't show any problems. I have my popup blocker turned on. My CPU usage is often at 100% with nothing open except Internet Explorer and the popup ad. My kids use AIM IM and various internet video games. I'm guessing something's gotten in through one of those things. I think it's malware but I'm a novice when it comes to these things.

DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 15:18:44.45 on Sat 04/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1051 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://roadrunner.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: snappyads browser enhancer: {5ed9e5c0-63f7-0dc8-9723-6e6409d41e3d} - c:\windows\system32\ugimrhzlkzqb.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: snappyads: {b2de9406-b3c0-ba8b-5a42-2ce4f435dac7} - c:\windows\system32\nsdC67.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: mysidesearch search enhancer: {dea14e43-511f-c547-0ef2-d462000ef2ad} - c:\windows\system32\dncjwrqaar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ayjhpgsnkc] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\ugimrhzlkzqb.dll"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5588/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-1 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-1 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-3 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-1 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-1 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-1 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-1 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-1 40552]
S3 04b3b6e8-e017-4697-aa32-956f5d894ce9;04b3b6e8-e017-4697-aa32-956f5d894ce9;\??\e:\cds300\cds300.dll --> e:\cds300\cds300.dll [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-10 33752]

=============== Created Last 30 ================

2009-04-21 20:37 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-18 16:20 <DIR> --d----- c:\windows\McAfee.com
2009-04-18 13:10 <DIR> --d----- c:\windows\system32\scripting
2009-04-18 13:10 <DIR> --d----- c:\windows\l2schemas
2009-04-18 13:10 <DIR> --d----- c:\windows\system32\en
2009-04-18 13:10 <DIR> --d----- c:\windows\system32\bits
2009-04-18 13:05 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-18 13:00 1,677,824 a------- c:\windows\system32\chsbrkr.dll
2009-04-18 13:00 1,158,818 a------- c:\windows\system32\korwbrkr.lex
2009-04-18 13:00 838,144 a------- c:\windows\system32\chtbrkr.dll
2009-04-18 13:00 1,486 a------- c:\windows\system32\noise.kor
2009-04-18 13:00 1,875,968 a------- c:\windows\system32\msir3jp.lex
2009-04-18 13:00 98,304 a------- c:\windows\system32\msir3jp.dll
2009-04-18 13:00 70,656 a------- c:\windows\system32\korwbrkr.dll
2009-04-18 13:00 2,060 a------- c:\windows\system32\noise.jpn
2009-04-18 12:58 6,656 a------- c:\windows\system32\c_is2022.dll
2009-04-18 12:57 156,672 a------- c:\windows\system32\WINZM.IME
2009-04-18 12:57 156,672 a------- c:\windows\system32\WINSP.IME
2009-04-18 12:57 156,672 a------- c:\windows\system32\WINPY.IME
2009-04-18 12:57 94,720 a------- c:\windows\system32\imekr61.ime
2009-04-18 12:57 811,064 a------- c:\windows\system32\imjp81k.dll
2009-04-18 12:57 340,023 a------- c:\windows\system32\imjp81.ime
2009-04-18 12:57 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-04-18 12:57 8,192 a------- c:\windows\system32\kbdkor.dll
2009-04-18 12:57 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-18 12:57 6,144 a------- c:\windows\system32\kbd101c.dll
2009-04-18 12:57 5,632 a------- c:\windows\system32\kbd103.dll
2009-04-18 12:57 6,144 a------- c:\windows\system32\kbd101b.dll
2009-04-18 12:56 <DIR> --d----- c:\windows\network diagnostic
2009-04-18 12:45 <DIR> --d----- c:\windows\EHome
2009-04-17 00:20 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-12 17:20 <DIR> --d----- c:\program files\City Interactive
2009-04-10 16:49 494,557 a------- c:\windows\system32\dxgi.dll
2009-04-10 16:49 25,037 a------- c:\windows\system32\Nucleus.dll
2009-04-10 16:49 566,624 a------- c:\windows\system32\d3d10.dll
2009-04-10 16:49 519,912 a------- c:\windows\system32\d3dx10.dll
2009-04-10 16:44 <DIR> --d----- c:\windows\Logs
2009-04-10 16:35 69,194 a------- c:\windows\system32\dncjwrqaar.dll-uninst.exe
2009-04-10 16:35 <DIR> --d----- c:\program files\Snappyads Games Collection
2009-04-10 16:35 85,665 a------- c:\windows\system32\60322311-ee73-f792-a8e4-9de2b6fcbc8f.exe
2009-04-10 16:35 48,281 a------- c:\windows\system32\uzecugvfik.exe
2009-04-10 16:27 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-04-10 16:26 <DIR> --d----- c:\program files\Best Buy Games
2009-04-10 16:16 <DIR> --d----- c:\program files\OpenAL
2009-04-10 16:16 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-04-10 16:16 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-04-10 14:56 <DIR> --d----- c:\program files\WildGames
2009-04-10 13:56 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-10 09:29 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-09 16:30 <DIR> --d----- c:\program files\Yahoo!
2009-04-08 11:25 714,240 a------- c:\windows\system32\nsdC67.dll
2009-04-06 18:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2009-04-06 04:33 479,232 a------- c:\windows\system32\ugimrhzlkzqb.dll
2009-04-06 04:33 398,848 a------- c:\windows\system32\_ugimrhzlkzqb.dll
2009-04-03 11:45 555,520 a------- c:\windows\system32\dncjwrqaar.dll
2009-03-31 16:23 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-03-31 16:23 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-31 16:19 <DIR> --d----- c:\windows\.jagex_cache_32

==================== Find3M ====================

2009-04-19 17:46 1,140 -------- c:\docume~1\user\applic~1\wklnhst.dat
2009-04-18 13:21 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-16 16:09 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-18 07:18 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 05:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 07:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 07:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 07:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 07:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 05:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 14:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-01 15:38 61,224 -------- c:\documents and settings\user\GoToAssistDownloadHelper.exe

============= FINISH: 15:20:16.12 ===============


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 28 April 2009 - 02:14 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 03 May 2009 - 05:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 05 May 2009 - 06:55 PM

reopen per user request.. post the log here..



#5 rlgosselin

rlgosselin
  • Topic Starter

  • Members
  • 10 posts

Posted 05 May 2009 - 07:07 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 3

5/3/2009 10:50:58 AM
mbam-log-2009-05-03 (10-50-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 219655
Time elapsed: 4 hour(s), 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uzecugvfik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\60322311-ee73-f792-a8e4-9de2b6fcbc8f (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{197e8460-ee74-7380-9746-c552aecd1036} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ed9e5c0-63f7-0dc8-9723-6e6409d41e3d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5ed9e5c0-63f7-0dc8-9723-6e6409d41e3d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2de9406-b3c0-ba8b-5a42-2ce4f435dac7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2de9406-b3c0-ba8b-5a42-2ce4f435dac7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dea14e43-511f-c547-0ef2-d462000ef2ad} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dea14e43-511f-c547-0ef2-d462000ef2ad} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ayjhpgsnkc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0025678.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP155\A0025853.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uzecugvfik.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\60322311-ee73-f792-a8e4-9de2b6fcbc8f.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncjwrqaar.dll-uninst.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugimrhzlkzqb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\nsdC67.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\dncjwrqaar.dll (Adware.BHO) -> Delete on reboot.

#6 rlgosselin

rlgosselin
  • Topic Starter

  • Members
  • 10 posts

Posted 05 May 2009 - 07:11 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-03 11:10:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (25%) free of 54 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:07 AM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Palm\HOTSYNC.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\J9GH1VFT\RSIT[1].exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://roadrunner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...588/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10582 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\backup.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-18 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-16 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-16 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
""= []
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-18 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-14 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\user\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Nicholas\My Documents\BitDownload\BitDownload.exe"="C:\Documents and Settings\Nicholas\My Documents\BitDownload\BitDownload.exe:*:Disabled:Warez3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-05-03 11:10:28 ----D---- C:\Program Files\trend micro
2009-05-03 11:10:27 ----D---- C:\rsit
2009-05-03 10:58:15 ----D---- C:\WINDOWS\LastGood
2009-05-02 13:41:12 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-05-02 13:40:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 13:40:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-02 13:32:46 ----D---- C:\WINDOWS\ERDNT
2009-05-02 13:30:26 ----D---- C:\Program Files\ERUNT
2009-04-21 20:37:45 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-19 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-19 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-19 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-18 16:20:49 ----D---- C:\WINDOWS\McAfee.com
2009-04-18 14:34:31 ----D---- C:\WINDOWS\Prefetch
2009-04-18 13:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-18 13:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 13:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-18 13:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-18 13:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-18 13:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-18 13:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-18 13:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-18 13:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-18 13:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-18 13:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-18 13:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-18 13:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-18 13:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-18 13:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-18 13:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-18 13:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-18 13:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-18 13:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-18 13:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-18 13:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-18 13:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-18 13:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-18 13:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-18 13:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-18 13:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-18 13:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-18 13:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-18 13:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-18 13:10:11 ----D---- C:\WINDOWS\system32\scripting
2009-04-18 13:10:10 ----D---- C:\WINDOWS\l2schemas
2009-04-18 13:10:09 ----D---- C:\WINDOWS\system32\en
2009-04-18 13:10:08 ----D---- C:\WINDOWS\system32\bits
2009-04-18 13:05:05 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-18 13:00:14 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-04-18 13:00:13 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-04-18 13:00:12 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-04-18 13:00:12 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-04-18 12:59:36 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-04-18 12:59:35 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-04-18 12:58:21 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-04-18 12:58:13 ----A---- C:\WINDOWS\system32\uniime.dll
2009-04-18 12:57:58 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-04-18 12:57:31 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-04-18 12:56:43 ----D---- C:\WINDOWS\network diagnostic
2009-04-18 12:45:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-18 12:45:13 ----D---- C:\WINDOWS\EHome
2009-04-18 12:32:14 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-04-17 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-17 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-17 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-17 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-17 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-17 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-17 00:21:00 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 17:20:22 ----D---- C:\Program Files\City Interactive
2009-04-10 16:49:53 ----A---- C:\WINDOWS\system32\Nucleus.dll
2009-04-10 16:49:53 ----A---- C:\WINDOWS\system32\dxgi.dll
2009-04-10 16:49:51 ----A---- C:\WINDOWS\system32\d3dx10.dll
2009-04-10 16:49:51 ----A---- C:\WINDOWS\system32\d3d10.dll
2009-04-10 16:44:51 ----D---- C:\WINDOWS\Logs
2009-04-10 16:35:10 ----D---- C:\Program Files\Snappyads Games Collection
2009-04-10 16:28:28 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-04-10 16:28:27 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-04-10 16:28:27 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-04-10 16:28:26 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-04-10 16:28:26 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-04-10 16:28:25 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-04-10 16:28:25 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-04-10 16:28:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-04-10 16:28:22 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-04-10 16:28:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-04-10 16:28:21 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-04-10 16:28:17 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-04-10 16:28:17 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-04-10 16:28:05 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-04-10 16:28:05 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-04-10 16:28:04 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-04-10 16:28:02 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-04-10 16:28:01 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-04-10 16:28:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-04-10 16:28:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-04-10 16:28:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-04-10 16:27:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-04-10 16:27:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-04-10 16:27:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-04-10 16:27:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-04-10 16:27:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-04-10 16:27:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-04-10 16:27:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-04-10 16:27:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-04-10 16:27:40 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-04-10 16:27:40 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-04-10 16:27:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-04-10 16:26:42 ----D---- C:\Program Files\Best Buy Games
2009-04-10 16:16:29 ----D---- C:\Program Files\OpenAL
2009-04-10 16:16:28 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-10 16:16:28 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-10 14:56:23 ----D---- C:\Program Files\WildGames
2009-04-10 14:50:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-10 13:56:48 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-09 20:21:52 ----D---- C:\Documents and Settings\user\Application Data\Yahoo!
2009-04-09 16:31:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-04-09 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-04-09 16:30:10 ----D---- C:\Program Files\Yahoo!
2009-04-06 18:28:20 ----D---- C:\Documents and Settings\All Users\Application Data\Musicnotes
2009-03-31 16:23:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-03-31 16:23:25 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-03-31 16:19:31 ----D---- C:\WINDOWS\.jagex_cache_32
2009-03-23 05:17:10 ----D---- C:\Documents and Settings\user\Application Data\Real
2009-03-18 07:19:09 ----D---- C:\Program Files\Common Files\xing shared
2009-03-15 15:53:31 ----D---- C:\WINDOWS\system32\Adobe
2009-03-12 20:22:54 ----D---- C:\Program Files\EclipseCrossword
2009-03-11 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-11 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-11 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-05 21:16:45 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2009-02-26 04:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-25 08:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-02-12 04:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-09 18:56:28 ----D---- C:\Program Files\Palm

======List of files/folders modified in the last 3 months======

2009-05-03 11:10:28 ----D---- C:\Program Files
2009-05-03 11:02:31 ----HD---- C:\Config.Msi
2009-05-03 10:58:25 ----HD---- C:\WINDOWS\inf
2009-05-03 10:58:15 ----D---- C:\WINDOWS
2009-05-03 10:58:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-03 10:57:47 ----SHD---- C:\WINDOWS\Installer
2009-05-03 10:55:52 ----D---- C:\WINDOWS\Temp
2009-05-03 10:54:02 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-05-03 10:53:27 ----D---- C:\WINDOWS\system32
2009-05-03 10:53:20 ----D---- C:\WINDOWS\system32\drivers
2009-05-03 10:52:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-25 03:11:48 ----D---- C:\WINDOWS\pchealth
2009-04-21 20:50:46 ----SD---- C:\WINDOWS\Tasks
2009-04-21 20:47:52 ----D---- C:\WINDOWS\repair
2009-04-21 20:47:33 ----D---- C:\WINDOWS\Registration
2009-04-21 03:02:29 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-20 07:05:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-19 03:01:40 ----D---- C:\WINDOWS\system32\dllcache
2009-04-19 03:01:28 ----A---- C:\WINDOWS\imsins.BAK
2009-04-19 03:01:26 ----D---- C:\WINDOWS\WinSxS
2009-04-19 02:16:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-18 16:21:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-18 14:40:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-18 14:34:40 ----A---- C:\WINDOWS\setuplog.txt
2009-04-18 14:33:56 ----D---- C:\WINDOWS\AppPatch
2009-04-18 14:33:55 ----D---- C:\WINDOWS\system32\Setup
2009-04-18 14:33:54 ----D---- C:\WINDOWS\system32\wbem
2009-04-18 14:33:52 ----RSD---- C:\WINDOWS\Fonts
2009-04-18 13:51:49 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-04-18 13:32:09 ----D---- C:\WINDOWS\security
2009-04-18 13:28:07 ----D---- C:\Program Files\Messenger
2009-04-18 13:10:51 ----D---- C:\WINDOWS\ime
2009-04-18 13:10:48 ----D---- C:\WINDOWS\Help
2009-04-18 13:10:13 ----D---- C:\WINDOWS\system32\usmt
2009-04-18 13:10:13 ----D---- C:\WINDOWS\system32\en-US
2009-04-18 13:10:08 ----D---- C:\WINDOWS\PeerNet
2009-04-18 13:10:08 ----D---- C:\Program Files\Movie Maker
2009-04-18 13:04:56 ----D---- C:\WINDOWS\system32\Restore
2009-04-18 13:04:56 ----D---- C:\WINDOWS\system32\npp
2009-04-18 13:04:51 ----D---- C:\WINDOWS\msagent
2009-04-18 13:04:48 ----D---- C:\WINDOWS\srchasst
2009-04-18 13:04:46 ----D---- C:\Program Files\NetMeeting
2009-04-18 13:04:43 ----D---- C:\WINDOWS\system32\Com
2009-04-18 13:04:38 ----D---- C:\Program Files\Windows Media Player
2009-04-18 13:04:37 ----D---- C:\Program Files\Windows NT
2009-04-18 13:04:37 ----D---- C:\Program Files\Outlook Express
2009-04-18 13:04:31 ----D---- C:\Program Files\Common Files\System
2009-04-18 13:04:00 ----D---- C:\WINDOWS\system32\oobe
2009-04-18 13:03:51 ----D---- C:\WINDOWS\system
2009-04-18 12:53:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-18 08:07:28 ----D---- C:\Program Files\Google
2009-04-17 03:13:05 ----D---- C:\Program Files\McAfee
2009-04-17 03:04:15 ----D---- C:\Program Files\Internet Explorer
2009-04-12 17:24:50 ----D---- C:\WINDOWS\system32\DirectX
2009-04-10 16:27:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-10 16:26:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-10 14:54:44 ----D---- C:\Program Files\WildTangent
2009-04-10 14:48:21 ----D---- C:\Program Files\MUSICMATCH
2009-04-09 16:30:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-06 09:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-02 20:20:15 ----SHD---- C:\RECYCLER
2009-03-31 16:23:22 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-29 19:22:30 ----D---- C:\Program Files\AIM6
2009-03-23 15:49:06 ----D---- C:\Program Files\Microsoft Games
2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-18 07:19:09 ----D---- C:\Program Files\Common Files
2009-03-18 07:19:01 ----D---- C:\Program Files\Common Files\Real
2009-03-18 07:18:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-03-18 07:18:31 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-03-18 07:18:31 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-03-18 07:18:28 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-18 07:18:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-12 21:35:26 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-11 21:02:34 ----D---- C:\Program Files\LimeWire
2009-03-06 09:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 19:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 00:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 07:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 13:22:14 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2009-02-06 12:35:56 ----A---- C:\WINDOWS\system32\LegitCheckControl.DLL
2009-02-06 06:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 06:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 05:39:08 ----A---- C:\WINDOWS\system32\sc.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-09-20 40576]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 04b3b6e8-e017-4697-aa32-956f5d894ce9;04b3b6e8-e017-4697-aa32-956f5d894ce9; \??\E:\CDS300\cds300.dll []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-07-29 16509]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 182768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#7 rlgosselin

Posted 05 May 2009 - 07:13 PM

info.txt logfile of random's system information tool 1.06 2009-05-03 11:11:12

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Beauty Factory (1.0)-->"C:\Program Files\City Interactive\Beauty Factory EN\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EclipseCrossword-->MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FATE Undiscovered Realms-->"C:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Palm Desktop-->MsiExec.exe /X{D30F886A-8CFB-4515-AFEC-A34C3E7D2CA8}
Paws and Claws Pampered Pets-->"C:\Program Files\InstallShield Installation Information\{F60DEDB8-474D-42CB-AC64-9040B8EE3DF0}\Setup.exe" -runfromtemp -l0x0009 -removeonly
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
Snappyads Games Collection-->C:\Program Files\Snappyads Games Collection\uninstall.exe
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: D7DS1PB1
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
IntelIde

Record Number: 571683
Source Name: Service Control Manager
Time Written: 20090503105431.000000-300
Event Type: error
User:

Computer Name: D7DS1PB1
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

Record Number: 571681
Source Name: sr
Time Written: 20090503105349.000000-300
Event Type: error
User:

Computer Name: D7DS1PB1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 571671
Source Name: W32Time
Time Written: 20090502214947.000000-300
Event Type: warning
User:

Computer Name: D7DS1PB1
Event Code: 10010
Message: The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout.

Record Number: 571670
Source Name: DCOM
Time Written: 20090502155751.000000-300
Event Type: error
User: D7DS1PB1\Abigail

Computer Name: D7DS1PB1
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 571655
Source Name: DCOM
Time Written: 20090502155645.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: D7DS1PB1
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 920
Source Name: Microsoft Fax
Time Written: 20090329141956.000000-300
Event Type: warning
User:

Computer Name: D7DS1PB1
Event Code: 1001
Message: Fault bucket 1110235319.

Record Number: 914
Source Name: Application Hang
Time Written: 20090327200256.000000-300
Event Type: error
User:

Computer Name: D7DS1PB1
Event Code: 1001
Message: Fault bucket 1110235319.

Record Number: 913
Source Name: Application Hang
Time Written: 20090327200253.000000-300
Event Type: error
User:

Computer Name: D7DS1PB1
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 912
Source Name: Application Hang
Time Written: 20090327200248.000000-300
Event Type: error
User:

Computer Name: D7DS1PB1
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 911
Source Name: Application Hang
Time Written: 20090327200246.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 rlgosselin

Posted 05 May 2009 - 07:16 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-03 19:50:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB18954EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB1895581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB1895498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB18954AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB1895595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB18955C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB189562F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB1895619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB189552A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB189565B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB189556D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB1895470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB1895484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB18954FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB1895697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB1895603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB18955ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB18955AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB1895683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB189566F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB18954D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB18954C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB18955D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB1895559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB1895645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB1895540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB1895514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP B1895518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP B1895571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP B18955F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP B18954EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP B18954C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP B1895585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP B189569B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP B1895633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP B1895474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP B1895502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP B18955DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP B1895544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP B189552E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP B18954B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP B189555D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP B1895488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP B189565F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP B189561D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP B18955C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP B1895599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP B189549C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP B18954DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP B1895649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP B1895607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP B18955AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP B1895673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP B1895687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? mlnwycr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F79
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF006E
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F94
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FA5
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FB6
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F57
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0093
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F1A
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0F2B
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00C4
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0047
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F68
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0FD1
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F46
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0051
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0F94
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE002C
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0FAF
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0F92
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FAD
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0FD2
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD001D
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A000A
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010A0F7C
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010A0071
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010A0F8D
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010A004A
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010A0FC3
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010A009D
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010A008C
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010A00C2
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010A0F29
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010A00D3
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010A0FA8
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010A0F61
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010A002F
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010A0FDE
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010A0F3A
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB004A
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0014
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0F8D
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB0039
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FA8
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0038
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0027
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0FC8
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0FB7
.text C:\WINDOWS\system32\services.exe[684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA000C
.text C:\WINDOWS\system32\services.exe[684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0098
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED007D
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0FA5
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0062
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00C4
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00B3
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F49
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F5A
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00FD
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0051
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0F88
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED001B
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F6B
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0FA8
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC0065
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0040
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0F97
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0FA8
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0018
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FC3
.text C:\WINDOWS\system32\lsass.exe[696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FDE
.text C:\WINDOWS\system32\lsass.exe[696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D40087
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D40076
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40FB9
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D4004A
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D400B5
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D40F6D
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D40F26
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40F41
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D40F0B
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D4005B
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D4001B
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D40098
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D40F52
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D30FD1
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D30F80
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D3002C
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D3001B
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D3003D
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D30F9B
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F3, 88]
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D30FB6
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D20F95
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D20FA6
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D20FC8
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D20FB7
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D2000C
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60094
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F9F
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60FB0
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60079
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60043
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F67
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C600AF
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60F3B
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60F4C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C600EF
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60054
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F8E
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C60FCD
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FDE
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C600CA
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50047
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50F94
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40020
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40F9F
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FC1
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40FB0
.text C:\WINDOWS\system32\svchost.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FD2
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02BA0FEF
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02BA0076
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02BA005B
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02BA0F8D
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02BA0F9E
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02BA0FB9
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02BA0F3F
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02BA0F50
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02BA0F24
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BA00BD
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02BA0F09
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02BA0040
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02BA0FD4
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02BA0087
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02BA001B
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02BA000A
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02BA00A2
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B80FD4
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B80076
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B80025
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B80FEF
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B80FB9
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B8000A
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02B8005B
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B8004A
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B70FA8
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B70FB9
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B70FDE
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B70FEF
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B70033
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B7000C
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02780FE5
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02B90FE5
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02B90FD4
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02B90FC3
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 02B90FB2
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078007F
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F94
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780062
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780047
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007800C8
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007800AB
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F51
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800EA
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780105
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0078009A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800D9
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770036
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770FAF
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00770051
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FCA
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760FCA
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760055
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760029
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760044
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760018
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD009D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD008C
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0065
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FA8
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD002F
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00AE
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F66
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F1F
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F30
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD00D3
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD004A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F83
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0FC3
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FD4
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F4B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC005B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FDB
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC004A
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FC3
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB004E
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0029
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F59
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0058
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F8A
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FB6
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA007F
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F37
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00A4
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F0B
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0EFA
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F48
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FD1
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F1C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650F54
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650F6F
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650F9B
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640F97
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640022
.text C:\WINDOWS\system32\svchost.exe[1512] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1512] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1512] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1512] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00660FDB
.text C:\WINDOWS\system32\svchost.exe[1512] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00660022
.text C:\WINDOWS\system32\svchost.exe[1512] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0063000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[2224] MSVCRT.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF0064
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0049
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0038
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0F6F
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF0F94
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF0F43
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF007F
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF00CB
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0F32
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EF00E6
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EF001B
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF0FD4
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EF0F54
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EF000A
.text C:\WINDOWS\Explorer.EXE[2232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EF00A6
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00ED0F94
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00ED0FDE
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00ED000A
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00ED0051
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00ED0040
.text C:\WINDOWS\Explorer.EXE[2232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00ED002F
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC0066
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC004B
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC0029
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC000C
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC003A
.text C:\WINDOWS\Explorer.EXE[2232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\Explorer.EXE[2232] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\Explorer.EXE[2232] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EE0000
.text C:\WINDOWS\Explorer.EXE[2232] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EE001B
.text C:\WINDOWS\Explorer.EXE[2232] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00EE0FCA
.text C:\WINDOWS\Explorer.EXE[2232] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A00FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025003B
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F61
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F0B
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0025005D
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250EF0
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0025007F
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002500A4
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0025004C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250014
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0025006E
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340057
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00340FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [54, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340028
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350049
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350038
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0035001D
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01DA0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01DA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01DA001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 01DA002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ws2_32.dll!socket 71AB4211 5 Bytes JMP 026A0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#9 fenzodahl512


Posted 06 May 2009 - 11:37 AM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    04b3b6e8-e017-4697-aa32-956f5d894ce9
    
    :files
    E:\CDS300
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run RSIT again.. Post me these logs in your next reply..

1. OTMoveIt3
2. ESET Online
3. RSIT log.txt
4. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 rlgosselin


Posted 07 May 2009 - 06:49 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver 04b3b6e8-e017-4697-aa32-956f5d894ce9 deleted successfully.
========== FILES ==========
File/Folder E:\CDS300 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF76E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF92FE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_71G5e2WqHjEc5zR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_cTRnYkjqQybibMc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13b8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_b3Rnj4NiWgFq8Ff scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ucfljsNuvXFbYST scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_vMFCHBqbozGbrXK scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05072009_183350

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 07 May 2009 - 11:47 PM

waiting for Eset Online..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 rlgosselin

rlgosselin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 09 May 2009 - 01:59 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4062 (20090508)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6b9c0e4950922348924ee90e05d5d3ef
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-05-08 02:04:10
# local_time=2009-05-08 09:04:10 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=267429
# found=0
# scan_time=7268

#13 rlgosselin

rlgosselin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 09 May 2009 - 02:03 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-09 14:01:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (25%) free of 54 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:05 PM, on 5/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://roadrunner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-81613010-972409924-2994330223-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lala')
O4 - HKUS\S-1-5-21-81613010-972409924-2994330223-1007\..\Run: [Aim6] (User 'Lala')
O4 - HKUS\S-1-5-21-81613010-972409924-2994330223-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lala')
O4 - HKUS\S-1-5-21-81613010-972409924-2994330223-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Mom')
O4 - HKUS\S-1-5-21-81613010-972409924-2994330223-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nicholas')
O4 - S-1-5-21-81613010-972409924-2994330223-1007 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Lala')
O4 - S-1-5-21-81613010-972409924-2994330223-1007 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Lala')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...588/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11521 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\backup.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-18 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-16 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-16 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
""= []
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-18 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-14 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\user\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Nicholas\My Documents\BitDownload\BitDownload.exe"="C:\Documents and Settings\Nicholas\My Documents\BitDownload\BitDownload.exe:*:Disabled:Warez3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{395cf9c0-0e7c-11de-8904-001676936fa2}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-05-08 06:54:22 ----D---- C:\WINDOWS\LastGood
2009-05-07 18:52:29 ----D---- C:\Program Files\EsetOnlineScanner
2009-05-07 18:30:01 ----D---- C:\_OTMoveIt
2009-05-03 11:10:28 ----D---- C:\Program Files\trend micro
2009-05-03 11:10:27 ----D---- C:\rsit
2009-05-02 13:41:12 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-05-02 13:40:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 13:40:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-02 13:32:46 ----D---- C:\WINDOWS\ERDNT
2009-05-02 13:30:26 ----D---- C:\Program Files\ERUNT
2009-04-21 20:37:45 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-19 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-19 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-19 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-18 16:20:49 ----D---- C:\WINDOWS\McAfee.com
2009-04-18 14:34:31 ----D---- C:\WINDOWS\Prefetch
2009-04-18 13:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-18 13:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 13:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-18 13:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-18 13:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-18 13:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-18 13:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-18 13:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-18 13:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-18 13:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-18 13:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-18 13:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-18 13:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-18 13:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-18 13:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-18 13:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-18 13:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-18 13:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-18 13:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-18 13:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-18 13:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-18 13:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-18 13:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-18 13:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-18 13:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-18 13:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-18 13:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-18 13:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-18 13:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-18 13:10:11 ----D---- C:\WINDOWS\system32\scripting
2009-04-18 13:10:10 ----D---- C:\WINDOWS\l2schemas
2009-04-18 13:10:09 ----D---- C:\WINDOWS\system32\en
2009-04-18 13:10:08 ----D---- C:\WINDOWS\system32\bits
2009-04-18 13:05:05 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-18 13:00:14 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-04-18 13:00:13 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-04-18 13:00:12 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-04-18 13:00:12 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-04-18 12:59:36 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-04-18 12:59:35 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-04-18 12:59:19 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-04-18 12:59:18 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-04-18 12:59:17 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-04-18 12:58:21 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-04-18 12:58:13 ----A---- C:\WINDOWS\system32\uniime.dll
2009-04-18 12:57:58 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-04-18 12:57:54 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-04-18 12:57:31 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-04-18 12:56:43 ----D---- C:\WINDOWS\network diagnostic
2009-04-18 12:45:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-18 12:45:13 ----D---- C:\WINDOWS\EHome
2009-04-18 12:32:14 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-04-17 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-17 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-17 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-17 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-17 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-17 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-17 00:21:00 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 17:20:22 ----D---- C:\Program Files\City Interactive
2009-04-10 16:49:53 ----A---- C:\WINDOWS\system32\Nucleus.dll
2009-04-10 16:49:53 ----A---- C:\WINDOWS\system32\dxgi.dll
2009-04-10 16:49:51 ----A---- C:\WINDOWS\system32\d3dx10.dll
2009-04-10 16:49:51 ----A---- C:\WINDOWS\system32\d3d10.dll
2009-04-10 16:44:51 ----D---- C:\WINDOWS\Logs
2009-04-10 16:35:10 ----D---- C:\Program Files\Snappyads Games Collection
2009-04-10 16:28:28 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-04-10 16:28:27 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-04-10 16:28:27 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-04-10 16:28:26 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-04-10 16:28:26 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-04-10 16:28:25 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-04-10 16:28:25 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-04-10 16:28:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-04-10 16:28:23 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-04-10 16:28:22 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-04-10 16:28:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-04-10 16:28:21 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-04-10 16:28:17 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-04-10 16:28:17 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-04-10 16:28:05 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-04-10 16:28:05 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-04-10 16:28:04 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-04-10 16:28:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-04-10 16:28:02 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-04-10 16:28:01 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-04-10 16:28:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-04-10 16:28:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-04-10 16:28:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-04-10 16:27:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-04-10 16:27:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-04-10 16:27:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-04-10 16:27:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-04-10 16:27:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-04-10 16:27:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-04-10 16:27:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-04-10 16:27:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-04-10 16:27:40 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-04-10 16:27:40 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-04-10 16:27:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-04-10 16:26:42 ----D---- C:\Program Files\Best Buy Games
2009-04-10 16:16:29 ----D---- C:\Program Files\OpenAL
2009-04-10 16:16:28 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-10 16:16:28 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-10 14:56:23 ----D---- C:\Program Files\WildGames
2009-04-10 14:50:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-10 13:56:48 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-09 20:21:52 ----D---- C:\Documents and Settings\user\Application Data\Yahoo!
2009-04-09 16:31:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-04-09 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-04-09 16:30:10 ----D---- C:\Program Files\Yahoo!
2009-04-06 18:28:20 ----D---- C:\Documents and Settings\All Users\Application Data\Musicnotes
2009-03-31 16:23:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-03-31 16:23:25 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-03-31 16:19:31 ----D---- C:\WINDOWS\.jagex_cache_32
2009-03-23 05:17:10 ----D---- C:\Documents and Settings\user\Application Data\Real
2009-03-18 07:19:09 ----D---- C:\Program Files\Common Files\xing shared
2009-03-15 15:53:31 ----D---- C:\WINDOWS\system32\Adobe
2009-03-12 20:22:54 ----D---- C:\Program Files\EclipseCrossword
2009-03-11 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-11 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-11 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-05 21:16:45 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2009-02-26 04:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-25 08:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-02-12 04:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 3 months======

2009-05-09 14:01:50 ----D---- C:\WINDOWS\Temp
2009-05-09 13:53:46 ----HD---- C:\Config.Msi
2009-05-09 03:01:06 ----HD---- C:\WINDOWS\inf
2009-05-09 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-09 03:01:05 ----D---- C:\WINDOWS\system32
2009-05-09 03:01:05 ----D---- C:\WINDOWS
2009-05-08 06:54:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-08 06:53:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-08 06:45:44 ----SHD---- C:\WINDOWS\Installer
2009-05-08 06:42:21 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-05-07 18:52:29 ----D---- C:\Program Files
2009-05-03 10:53:20 ----D---- C:\WINDOWS\system32\drivers
2009-05-03 10:52:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-25 03:11:48 ----D---- C:\WINDOWS\pchealth
2009-04-21 20:50:46 ----SD---- C:\WINDOWS\Tasks
2009-04-21 20:47:52 ----D---- C:\WINDOWS\repair
2009-04-21 20:47:33 ----D---- C:\WINDOWS\Registration
2009-04-20 07:05:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-19 03:01:40 ----D---- C:\WINDOWS\system32\dllcache
2009-04-19 03:01:28 ----A---- C:\WINDOWS\imsins.BAK
2009-04-19 03:01:26 ----D---- C:\WINDOWS\WinSxS
2009-04-19 02:16:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-18 14:40:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-18 14:34:40 ----A---- C:\WINDOWS\setuplog.txt
2009-04-18 14:33:56 ----D---- C:\WINDOWS\AppPatch
2009-04-18 14:33:55 ----D---- C:\WINDOWS\system32\Setup
2009-04-18 14:33:54 ----D---- C:\WINDOWS\system32\wbem
2009-04-18 14:33:52 ----RSD---- C:\WINDOWS\Fonts
2009-04-18 13:51:49 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-04-18 13:32:09 ----D---- C:\WINDOWS\security
2009-04-18 13:28:07 ----D---- C:\Program Files\Messenger
2009-04-18 13:10:51 ----D---- C:\WINDOWS\ime
2009-04-18 13:10:48 ----D---- C:\WINDOWS\Help
2009-04-18 13:10:13 ----D---- C:\WINDOWS\system32\usmt
2009-04-18 13:10:13 ----D---- C:\WINDOWS\system32\en-US
2009-04-18 13:10:08 ----D---- C:\WINDOWS\PeerNet
2009-04-18 13:10:08 ----D---- C:\Program Files\Movie Maker
2009-04-18 13:04:56 ----D---- C:\WINDOWS\system32\Restore
2009-04-18 13:04:56 ----D---- C:\WINDOWS\system32\npp
2009-04-18 13:04:51 ----D---- C:\WINDOWS\msagent
2009-04-18 13:04:48 ----D---- C:\WINDOWS\srchasst
2009-04-18 13:04:46 ----D---- C:\Program Files\NetMeeting
2009-04-18 13:04:43 ----D---- C:\WINDOWS\system32\Com
2009-04-18 13:04:38 ----D---- C:\Program Files\Windows Media Player
2009-04-18 13:04:37 ----D---- C:\Program Files\Windows NT
2009-04-18 13:04:37 ----D---- C:\Program Files\Outlook Express
2009-04-18 13:04:31 ----D---- C:\Program Files\Common Files\System
2009-04-18 13:04:00 ----D---- C:\WINDOWS\system32\oobe
2009-04-18 13:03:51 ----D---- C:\WINDOWS\system
2009-04-18 12:53:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-18 08:07:28 ----D---- C:\Program Files\Google
2009-04-17 03:13:05 ----D---- C:\Program Files\McAfee
2009-04-17 03:04:15 ----D---- C:\Program Files\Internet Explorer
2009-04-12 17:24:50 ----D---- C:\WINDOWS\system32\DirectX
2009-04-10 16:27:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-10 16:26:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-10 14:54:44 ----D---- C:\Program Files\WildTangent
2009-04-10 14:48:21 ----D---- C:\Program Files\MUSICMATCH
2009-04-09 16:30:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-06 09:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-02 20:20:15 ----SHD---- C:\RECYCLER
2009-03-31 16:23:22 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-29 19:22:30 ----D---- C:\Program Files\AIM6
2009-03-23 15:49:06 ----D---- C:\Program Files\Microsoft Games
2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-18 07:19:09 ----D---- C:\Program Files\Common Files
2009-03-18 07:19:01 ----D---- C:\Program Files\Common Files\Real
2009-03-18 07:18:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-03-18 07:18:31 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-03-18 07:18:31 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-03-18 07:18:28 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-18 07:18:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-12 21:35:26 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-11 21:02:34 ----D---- C:\Program Files\LimeWire
2009-03-06 09:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 19:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 00:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-09-20 40576]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-07-29 16509]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 182768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#14 fenzodahl512


Posted 09 May 2009 - 02:37 PM

Looks good.. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 rlgosselin


Posted 11 May 2009 - 06:46 PM

I think the malware's gone. Thanks. :thumbup2:

At the beginning I turned on the firewall. Should I leave it on? :)

Also, about the same time I started having the popup problem, I also started having another problem. When I boot up I get a message that Microsoft Word 2000 is trying to install but can't find the file. I cancel out and Word works fine, but every time I reboot I get the same error.



