Trojan SPM/LX


  • This topic is locked
20 replies to this topic

#1 Erinkoiso

  • Members
  • 23 posts

Posted 11 July 2009 - 11:47 PM

My son had some malware/virus on his computer - he ran several things and we thought we had it removed -
but it deleted exe files from my windows registry - I got that working - and here is my log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:52 PM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1161908616\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\AolTbServer.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msqdj.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mszzp.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mswpdwq.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AOL Desktop.lnk = ?
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/st...geUploader5.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-469942a7d30abf3e.spaces.live.co...ad/MsnPUpld.cab
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://erinkoiso.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12692 bytes

#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 11 July 2009 - 11:51 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then please post back here with the following:
  • MBAM log
  • Gmer log
  • OTListIt.txt
  • Extra.txt
Thanks



#3 Erinkoiso

  • Topic Starter

  • Members
  • 23 posts

Posted 12 July 2009 - 08:49 AM

Syler -
Thank you for your help it is much appreciated....

I already had malware bytes - so I did the update -
here is the file log:

Malwarebytes' Anti-Malware 1.38
Database version: 2411
Windows 5.1.2600 Service Pack 2

7/12/2009 6:37:56 AM
mbam-log-2009-07-12 (06-37-56).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 232882
Time elapsed: 2 hour(s), 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 350

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\msnrwqas.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnsnps.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnvaf.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnxhhwj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnxsqjg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnxtz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnzdfv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoalqxq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msodurtw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoegw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseoyi.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseqsg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msevab.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msevkmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msewyvn.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfck.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfht.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msflq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msflu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfrusbv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrdktu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrdrqti.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrealu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrgf.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrgugy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhyif.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msroi.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrquvyg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtah.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwdnw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwmt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxcofe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryny.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssaesu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxnzv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxoah.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxoz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxpbuow.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxuvt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxvlez.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxwxpxe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyahbj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyarha.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msydsn.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msykxoan.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msutclu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuuw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuye.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvco.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msveqaln.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshylk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msietfel.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifrspi.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msihqqnk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiiql.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msijk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msimt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiobzeg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msipkvb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msipzxb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiqr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msokg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msomioq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msomqjz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msooc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoqr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoszz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msowe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoys.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoztv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspbr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspbtgzk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspjmieh.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspjogo.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspjqk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspjysk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspoa.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqopfl.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprdiif.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswotfx.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswpjud.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswqgfv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswqz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswras.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswrr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswua.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswwfe.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswxk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswxkyyb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxaqlxt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxco.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxfllw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxjhylt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxlr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxlvian.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjtja.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjtjval.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjtloq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjwfaj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjzkd.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskas.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgth.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgxvak.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskouwju.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskpdn.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskpmgl.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskuez.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskvjgeb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslccry.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslfjgq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msliyc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslje.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslke.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msllcvm.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslnck.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslpffzq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslqrlj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltpj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfsbibs.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfslku.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfsn.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msftbxw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msftff.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfwmig.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgahk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgal.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgash.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgby.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgclu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgdj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgdke.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgfehzb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgghc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msglzf.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgotax.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgroalw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgsejlv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssicc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjuzrp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslqeax.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssmpb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrjj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssstc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msstt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msstvbid.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssvcb.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssvd.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msswp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstaq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqplno.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrslcz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqxlng.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyfcra.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyjdx.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqywsyv.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzpmph.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msynjt.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyrp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyvet.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyvuksl.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyxdnts.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyxht.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyxyinz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyyj.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszfr.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msziarsy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszkgg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszru.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msckiox.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscpf.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscvlo.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscvn.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscztiko.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdtxg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdunh.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdvu.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdxme.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdzjz.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseau.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msebcq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msebrtk.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedci.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefacw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefrnin.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msegqtc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseikrod.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msemh.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msemm.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msemo.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\logcde.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\windows\fonts\windef.Log (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\winpaged.ocx (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\windows\fonts\cooecp.tlb (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

Will now run GMER and will post when completed -
again thank you for your help....

Erin

#4 syler

  • Malware Response Team

Posted 12 July 2009 - 06:00 PM

Erin,

Do you have the other logs? Are you having trouble running them?


#5 Erinkoiso

  • Topic Starter


Posted 12 July 2009 - 07:11 PM

I ran the GMER one this a.m., and when it was done I did not save it, and so I am in the process of running it again. It should be done any moment... Thanks for your patience...
Erin

#6 Erinkoiso

  • Topic Starter


Posted 12 July 2009 - 07:53 PM

gmer log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-12 17:38:41
Windows 5.1.2600 Service Pack 2


.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CF00A0
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CF0F47
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0F75
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00CE0F86
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00CE0F97
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [EE, 88]
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0053
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0038
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD001D
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FC8
.text C:\WINDOWS\system32\svchost.exe[824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\svchost.exe[824] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E000AE
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00093
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E0006C
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E00047
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E000C9
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E0010B
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E000F0
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E00F4D
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E0001B
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E00FA8
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E00036
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E00F72
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF004A
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0FAF
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF001B
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00DF0076
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00DF0065
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00DF0FD4
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0FB7
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0FC8
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FE3
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0038
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE001D
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AB007F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AB0F8A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AB0058
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AB0047
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AB001B
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AB00B7
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AB009A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AB0F25
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AB0F4A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00AB00E3
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00AB0F6F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00AB0FA5
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00AB0FCA
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00AB00C8
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AA0FC3
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AA004A
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AA0FD4
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00AA0F8D
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00AA002F
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00AA0FA8
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A9005A
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A9003F
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A9002E
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A90FD9
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A9001D
.text C:\WINDOWS\system32\svchost.exe[940] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A80000
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 030E000A
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 030E0F3F
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 030E0F50
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 030E0F61
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 030E0F72
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 030E0F94
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 030E0EF6
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 030E0F13
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 030E0ED4
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 030E0EE5
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 030E0EC3
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 030E0F83
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 030E0FE5
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 030E0F24
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0EF 3 Bytes JMP 030E0FAF
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeW + 4 7C82F0F3 1 Byte [86]
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 030E0FCA
.text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 030E0059
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 029D0FD1
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 029D0069
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 029D0022
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 029D0011
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 029D0058
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 029D0000
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 029D003D
.text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 029D0FC0
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028B0F9C
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 028B0FB7
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028B001D
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028B0FEF
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028B0FC8
.text C:\WINDOWS\System32\svchost.exe[1036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028B000C
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 028A0FE5
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 03040000
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 03040FEF
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 03040025
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 03040FD4
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B0000
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B005B
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B0F70
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B0F81
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B004A
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B0076
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B0F30
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B00B3
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B0098
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008B00C4
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008B0FA8
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008B001B
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008B0F4B
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008B0087
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008A0F94
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008A0F46
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008A0FB9
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008A0FCA
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 008A0F57
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 008A0F68
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [AA, 88]
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 008A0F79
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00890FAD
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes JMP 00890FBE
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00890FE3
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890038
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0089001D
.text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00F5F
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A00F70
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00F8D
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00FA8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A00065
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A00F1D
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A00EDD
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A00076
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A00ECC
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A0002F
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A00F3A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A00F02
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F61
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009F0F7C
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009F0F8D
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009F0FA8
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F92
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0027
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FC1
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E000C
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FD2
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00F92
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A0007D
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00FA3
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A0006C
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A00F66
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A00F81
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A00F1F
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A00F3A
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A00F0E
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A0005B
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A000AC
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A00FCA
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A00F55
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00740036
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00740065
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00740025
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00740FA8
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00740FB9
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [94, 88]
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00740FCA
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00730FBC
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!system 77C293C7 5 Bytes JMP 00730FCD
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00730FDE
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00730FEF
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0073003D
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0073000C
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00750FCA
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 0075001B
.text C:\WINDOWS\system32\svchost.exe[1684] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00720000
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01B30FEF
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01B30F72
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01B3005D
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01B30040
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01B30025
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01B30F9E
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01B300A4
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01B30093
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01B300D0
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01B30F37
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01B30F1C
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01B30F83
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01B30FDE
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01B30082
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01B3000A
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01B30FC3
.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01B300B5
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01B10FE5
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01B10FAF
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01B1002C
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01B10011
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01B10062
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01B10000
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01B10FC0
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [D1, 89]
.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01B10051
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B00FA6
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B00FC1
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B00FE3
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B00000
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B00FD2
.text C:\WINDOWS\Explorer.EXE[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B0001D
.text C:\WINDOWS\Explorer.EXE[1812] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01B20000
.text C:\WINDOWS\Explorer.EXE[1812] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 01B20FE5
.text C:\WINDOWS\Explorer.EXE[1812] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01B20FCA
.text C:\WINDOWS\Explorer.EXE[1812] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01B2001B
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01590000
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F99
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0FAA
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B008E
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0073
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B003D
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B00C4
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F7E
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B010B
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00F0
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B011C
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B00A9
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[2376] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B00DF
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290022
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290011
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290000
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FA1
.text C:\WINDOWS\system32\wuauclt.exe[2376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FD2
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F94
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002A0051
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 002A0040
.text C:\WINDOWS\system32\wuauclt.exe[2376] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A40FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[904] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\AOL9~1.0\waol.exe[1692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A695DC8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACrstnayvvfwdtqbpyd.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACrmbcqiostmxlradru.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemucfonejgeqoxijq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACweuumhcrikvvmrgof.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACtuildudlocqyghtuy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmnbfufgnbdfgrenox.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACrltejaddqbhdjqahe.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACxmrjjmvuuskirreil.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACrmbcqiostmxlradru.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemucfonejgeqoxijq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACweuumhcrikvvmrgof.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACtuildudlocqyghtuy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmnbfufgnbdfgrenox.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACrltejaddqbhdjqahe.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACxmrjjmvuuskirreil.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrstnayvvfwdtqbpyd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACrmbcqiostmxlradru.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemucfonejgeqoxijq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACweuumhcrikvvmrgof.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACtuildudlocqyghtuy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmnbfufgnbdfgrenox.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACrltejaddqbhdjqahe.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACxmrjjmvuuskirreil.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\818fe68c-0ce5-4eb3-885e-91c52ca32ee8.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

#7 Erinkoiso

Posted 12 July 2009 - 07:59 PM

OTListIT.txt:

OTL logfile created on: 7/12/2009 5:39:40 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Erin0716\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.21% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 7.82 Gb Free Space | 10.97% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.81 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIN
Current User Name: Erin0716
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/11 22:11:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2009/07/11 22:11:11 | 00,833,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2005/10/14 11:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/14 11:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/07/11 22:11:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/03/22 14:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/05 01:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/06/01 11:45:13 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2009/07/11 22:11:14 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2003/08/27 08:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/06/25 11:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd.exe
PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2009/07/11 22:11:16 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2006/11/07 15:11:50 | 02,500,096 | ---- | M] (AOL LLC) -- C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
PRC - [2006/10/03 08:15:35 | 03,723,264 | ---- | M] (FilmLoop Inc.) -- C:\Program Files\FilmLoop Player\FilmLoop.exe
PRC - [2008/06/24 11:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe
PRC - [2006/05/16 08:58:18 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2006/07/12 11:44:02 | 00,020,480 | ---- | M] (Fisher-Price, Inc.) -- C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
PRC - [2009/07/11 22:11:13 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/02/09 15:34:54 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2006/11/03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/11 22:11:18 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2008/10/21 10:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/04/17 23:49:07 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2009/02/06 02:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2003/07/07 01:20:40 | 00,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/04/15 13:32:16 | 00,110,592 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2003/08/11 01:07:38 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2008/11/06 10:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/04/17 23:49:05 | 00,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2009/07/11 22:42:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/14 23:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/11 22:11:16 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/11 22:11:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/26 11:39:43 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/08/11 01:07:38 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])
SRV - [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2003/08/27 08:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/02/01 08:14:55 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/06/01 11:45:16 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2009/07/11 22:12:37 | 00,335,752 | ---- | M] (AVG Technologi
\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 03:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 10:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 03:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 10:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 03:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 01:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 03:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/10/14 12:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/10/14 12:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/10/12 03:00:44 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/04/12 16:50:16 | 00,507,264 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
DRV - [2007/10/12 02:56:22 | 00,490,776 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 12:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/04 21:53:41 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\WINDOWS\System32\Drivers\PzWDM.sys -- (PzWDM [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/11/16 12:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\S-1-5-21-3831677407-969346918-836458217-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\S-1-5-21-3831677407-969346918-836458217-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASM] C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [FilmLoop] C:\Program Files\FilmLoop Player\FilmLoop.exe (FilmLoop Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSKDetectorExe] \Program Files\McAfee\SpamKiller\MSKDetct.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Erin0716\Start Menu\Programs\Startup\AOL Desktop.lnk = File not found
O4 - Startup: C:\Documents and Settings\Erin0716\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\system32\msalrsw.exe) - C:\WINDOWS\System32\msalrsw.exe File not found
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\system32\mseau.exe) - C:\WINDOWS\System32\mseau.exe File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\system32\msalrsw.exe) - C:\WINDOWS\System32\msalrsw.exe File not found
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\system32\mseau.exe) - C:\WINDOWS\System32\mseau.exe File not found
F3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006 WinNT: Run - (C:\WINDOWS\system32\mszzp.exe) - C:\WINDOWS\System32\mszzp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab (AOL Pictures Uploader Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} http://echospin.com/wizard/files/esWizard.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-469942a7d30abf3e.spaces.live.co...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} http://erinkoiso.myphotoalbum.com/ImageUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-games.pogo.com/online2/pog...ameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {38101905-D80F-4788-96F6-986A8186178A} - C:\WINDOWS\System32\flashd32.dll ()
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxywtQJY) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/21 20:18:04 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell\AutoRun\command - "" = G:\Imageviewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/11 22:42:35 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe
[2009/07/11 22:39:03 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\jgh904gd.exe
[2009/07/11 22:36:40 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\jtqxympm.exe
[2009/07/11 22:12:46 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/07/11 22:12:45 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/11 22:12:44 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/07/11 22:12:43 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/11 22:12:37 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/11 22:12:35 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/11 22:12:10 | 38,089,105 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/11 22:12:08 | 00,025,283 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/11 22:12:06 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/11 22:12:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/11 22:12:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/11 22:11:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/11 22:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/11 21:25:30 | 00,000,745 | ---- | C] () -- C:\xp_exe_fix.zip
[2009/07/11 21:24:39 | 00,849,800 | ---- | C] (AVG Technologies) -- C:\avg_avwt_stb_all_8_26.exe
[2009/07/11 20:46:06 | 00,234,966 | ---- | C] () -- C:\Restoration.EXE
[2009/07/11 20:44:59 | 00,234,966 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\REST2514.EXE
[2009/07/11 19:18:49 | 21,371,49440 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/11 15:34:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\Application Data\AVG8
[2009/07/11 15:12:30 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/07/11 13:40:29 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/07/11 13:40:29 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/07/11 13:40:29 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/07/11 13:40:29 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/07/11 13:40:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/07/11 13:40:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/07/11 13:40:29 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/07/11 13:40:29 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/07/11 13:40:29 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/07/11 13:40:29 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/07/11 13:40:29 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/07/11 13:40:29 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/07/11 13:40:29 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/07/11 13:40:29 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/07/11 13:38:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\SmitfraudFix
[2009/07/11 13:36:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 13:31:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\HijackThis.lnk
[2009/07/11 11:52:50 | 03,976,714 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/11 10:25:00 | 00,040,960 | RHS- | C] () -- C:\WINDOWS\System32\flashd32.dll
[2009/07/11 10:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\18839684
[2009/07/11 10:24:26 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\UACrltejaddqbhdjqahe.db
[2009/07/11 10:24:20 | 00,000,310 | ---- | C] () -- C:\WINDOWS\System32\UACweuumhcrikvvmrgof.dat
[2009/07/01 23:27:46 | 00,414,361 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\You_Cant_Fix_Stupid.wmv
[2009/07/01 23:26:20 | 00,085,149 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Image.jpg
[2009/07/01 20:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\book
[2009/06/30 23:48:00 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to DSC04273.lnk
[2009/06/30 23:46:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\Desktop\reunion
[2009/06/30 23:41:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\Reunion book
[2009/06/30 23:11:57 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to Wike Family.lnk
[2009/06/29 20:32:02 | 01,901,272 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\interview.wmv
[2009/06/23 06:56:50 | 00,411,645 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Cassie's cake.jpg
[2009/06/13 09:08:13 | 00,000,316 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Eri double dutch.SONIC
[2008/11/06 09:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/18 20:53:48 | 00,990,384 | -HS- | C] () -- C:\WINDOWS\System32\ewfjyfyp.ini
[2008/09/17 15:01:36 | 00,990,324 | -HS- | C] () -- C:\WINDOWS\System32\vymlucdi.ini
[2008/09/17 14:56:52 | 00,963,482 | -HS- | C] () -- C:\WINDOWS\System32\YJQtwyxx.ini2
[2008/09/17 14:56:52 | 00,963,482 | -HS- | C] () -- C:\WINDOWS\System32\YJQtwyxx.ini
[2008/08/31 15:27:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/08/31 15:25:15 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/14 21:14:48 | 00,000,248 | ---- | C] () -- C:\WINDOWS\NED.INI
[2008/06/14 21:14:48 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\NED.INI
[2008/06/14 20:49:06 | 00,001,895 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/03/12 03:02:17 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/03/09 00:20:40 | 00,929,183 | -HS- | C] () -- C:\WINDOWS\System32\becufrbu.ini
[2008/03/08 00:21:41 | 00,917,984 | -HS- | C] () -- C:\WINDOWS\System32\yosfpjva.ini
[2008/03/07 00:21:41 | 00,917,644 | -HS- | C] () -- C:\WINDOWS\System32\swmjdgiw.ini
[2008/03/06 00:20:45 | 00,986,804 | -HS- | C] () -- C:\WINDOWS\System32\xbbwhpnc.ini
[2008/03/05 00:20:43 | 01,013,695 | -HS- | C] () -- C:\WINDOWS\System32\gttbclsv.ini
[2008/03/04 00:23:44 | 01,008,084 | -HS- | C] () -- C:\WINDOWS\System32\gidegvjo.ini
[2008/03/03 00:19:45 | 01,122,858 | -HS- | C] () -- C:\WINDOWS\System32\hvuvmenq.ini
[2008/03/02 00:19:45 | 01,040,542 | -HS- | C] () -- C:\WINDOWS\System32\fdwjpjny.ini
[2008/03/01 00:18:28 | 01,040,446 | -HS- | C] () -- C:\WINDOWS\System32\tlhcexgu.ini
[2008/02/29 00:18:26 | 01,069,309 | -HS- | C] () -- C:\WINDOWS\System32\lpovaajc.ini
[2008/02/28 00:03:46 | 01,096,710 | -HS- | C] () -- C:\WINDOWS\System32\upfmwbof.ini
[2008/02/27 08:18:46 | 01,036,653 | -HS- | C] () -- C:\WINDOWS\System32\egdnbhij.ini
[2008/02/26 00:05:55 | 01,042,440 | -HS- | C] () -- C:\WINDOWS\System32\ftdecvux.ini
[2008/02/25 00:03:43 | 01,096,711 | -HS- | C] () -- C:\WINDOWS\System32\ovrbtlds.ini
[2008/02/24 00:01:27 | 01,060,413 | -HS- | C] () -- C:\WINDOWS\System32\oengorqr.ini
[2008/02/23 00:04:16 | 01,062,039 | -HS- | C] () -- C:\WINDOWS\System32\tmrmxccb.ini
[2008/02/22 00:04:15 | 01,061,803 | -HS- | C] () -- C:\WINDOWS\System32\ggltmkfv.ini
[2008/02/21 20:13:14 | 01,178,452 | -HS- | C] () -- C:\WINDOWS\System32\dkyyqjxr.ini
[2008/02/20 00:01:47 | 01,203,656 | -HS- | C] () -- C:\WINDOWS\System32\nirnxbov.ini
[2008/02/18 23:58:12 | 01,216,341 | -HS- | C] () -- C:\WINDOWS\System32\rgwrukpb.ini
[2008/02/17 23:55:36 | 01,210,739 | -HS- | C] () -- C:\WINDOWS\System32\toovmsxj.ini
[2008/02/16 23:55:29 | 01,216,971 | -HS- | C] () -- C:\WINDOWS\System32\yeyxamgb.ini
[2008/02/15 23:58:29 | 01,216,911 | -HS- | C] () -- C:\WINDOWS\System32\dfksyvtb.ini
[2008/02/14 23:55:29 | 01,248,339 | -HS- | C] () -- C:\WINDOWS\System32\oycultnn.ini
[2008/02/14 00:00:33 | 01,241,028 | -HS- | C] () -- C:\WINDOWS\System32\njggpwbi.ini
[2008/02/12 23:57:47 | 01,207,240 | -HS- | C] () -- C:\WINDOWS\System32\iqdosivi.ini
[2008/02/12 00:00:47 | 01,191,389 | -HS- | C] () -- C:\WINDOWS\System32\tfbxuqyj.ini
[2008/02/10 23:51:54 | 01,209,962 | -HS- | C] () -- C:\WINDOWS\System32\nrjyxqpu.ini
[2008/02/10 00:01:41 | 01,202,538 | -HS- | C] () -- C:\WINDOWS\System32\ofbmahko.ini
[2008/02/08 23:58:42 | 01,202,340 | -HS- | C] () -- C:\WINDOWS\System32\lfcwdbct.ini
[2008/02/08 00:01:41 | 01,204,091 | -HS- | C] () -- C:\WINDOWS\System32\tmqtloxl.ini
[2008/02/06 23:58:29 | 01,207,467 | -HS- | C] () -- C:\WINDOWS\System32\tdcebgjj.ini
[2008/02/06 00:01:18 | 01,194,522 | -HS- | C] () -- C:\WINDOWS\System32\jtlietwl.ini
[2008/02/04 23:58:50 | 01,194,435 | -HS- | C] () -- C:\WINDOWS\System32\nuaaedsl.ini
[2008/02/03 19:19:24 | 01,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jxtkhsnr.ini
[2008/01/31 07:18:00 | 01,182,637 | -HS- | C] () -- C:\WINDOWS\System32\vmpaowlk.ini
[2008/01/30 07:16:11 | 01,166,823 | -HS- | C] () -- C:\WINDOWS\System32\bfjctpgf.ini
[2008/01/29 07:22:34 | 01,164,209 | -HS- | C] () -- C:\WINDOWS\System32\ofdyksqb.ini
[2008/01/28 07:22:48 | 01,151,686 | -HS- | C] () -- C:\WINDOWS\System32\ggjwklqf.ini
[2008/01/26 19:24:30 | 01,143,235 | -HS- | C] () -- C:\WINDOWS\System32\trhskxgt.ini
[2008/01/25 19:21:39 | 01,142,764 | -HS- | C] () -- C:\WINDOWS\System32\ybdacbya.ini
[2008/01/24 19:21:24 | 01,130,210 | -HS- | C] () -- C:\WINDOWS\System32\ihderceh.ini
[2008/01/23 19:20:36 | 01,117,554 | -HS- | C] () -- C:\WINDOWS\System32\odpenshk.ini
[2008/01/22 19:19:48 | 01,109,289 | -HS- | C] () -- C:\WINDOWS\System32\vpgygwjq.ini
[2008/01/21 19:20:14 | 01,089,316 | -HS- | C] () -- C:\WINDOWS\System32\jqbfoyut.ini
[2008/01/20 19:19:54 | 01,073,352 | -HS- | C] () -- C:\WINDOWS\System32\ckqhnrvg.ini
[2008/01/19 19:20:05 | 01,073,292 | -HS- | C] () -- C:\WINDOWS\System32\fcjgcqxy.ini
[2008/01/18 19:22:03 | 01,073,352 | -HS- | C] () -- C:\WINDOWS\System32\gifjtyrp.ini
[2008/01/17 19:21:15 | 01,076,132 | -HS- | C] () -- C:\WINDOWS\System32\oumhjruf.ini
[2008/01/16 19:39:23 | 01,066,238 | -HS- | C] () -- C:\WINDOWS\System32\fmuddauf.ini
[2008/01/15 19:20:13 | 01,066,006 | -HS- | C] () -- C:\WINDOWS\System32\lagdxbln.ini
[2008/01/14 19:18:58 | 01,057,216 | -HS- | C] () -- C:\WINDOWS\System32\vxbglyab.ini
[2008/01/13 19:19:06 | 01,060,622 | -HS- | C] () -- C:\WINDOWS\System32\anyqagcf.ini
[2008/01/12 19:19:06 | 01,060,502 | -HS- | C] () -- C:\WINDOWS\System32\imlkodul.ini
[2008/01/11 19:19:06 | 01,060,451 | -HS- | C] () -- C:\WINDOWS\System32\fncipiwg.ini
[2008/01/10 19:19:16 | 01,057,904 | -HS- | C] () -- C:\WINDOWS\System32\jpeccspc.ini
[2008/01/09 19:14:30 | 01,049,494 | -HS- | C] () -- C:\WINDOWS\System32\afrrwgya.ini
[2008/01/08 19:13:23 | 01,054,902 | -HS- | C] () -- C:\WINDOWS\System32\ncjmaryk.ini
[2008/01/07 19:16:41 | 01,044,275 | -HS- | C] () -- C:\WINDOWS\System32\jhvnubpv.ini
[2008/01/06 19:16:41 | 01,044,220 | -HS- | C] () -- C:\WINDOWS\System32\opjkjyib.ini
[2008/01/05 19:16:41 | 01,044,160 | -HS- | C] () -- C:\WINDOWS\System32\gddpwobf.ini
[2008/01/04 19:13:41 | 01,044,100 | -HS- | C] () -- C:\WINDOWS\System32\xkhvvchb.ini
[2008/01/03 19:13:42 | 01,038,604 | -HS- | C] () -- C:\WINDOWS\System32\golugjkl.ini
[2008/01/02 19:13:41 | 01,031,578 | -HS- | C] () -- C:\WINDOWS\System32\huetjwia.ini
[2008/01/01 19:10:17 | 01,031,518 | -HS- | C] () -- C:\WINDOWS\System32\vwjeocve.ini
[2007/12/31 19:10:30 | 01,031,139 | -HS- | C] () -- C:\WINDOWS\System32\gtkabxpu.ini
[2007/12/30 19:10:00 | 01,031,379 | -HS- | C] () -- C:\WINDOWS\System32\qaevpfem.ini
[2007/12/30 19:09:01 | 01,611,045 | -HS- | C] () -- C:\WINDOWS\System32\upmjumtr.ini
[2007/12/29 19:13:02 | 01,031,319 | -HS- | C] () -- C:\WINDOWS\System32\ocdpymra.ini
[2007/12/29 19:09:01 | 01,610,985 | -HS- | C] () -- C:\WINDOWS\System32\hcqctwkm.ini
[2007/12/28 19:10:02 | 01,031,259 | -HS- | C] () -- C:\WINDOWS\System32\ikaxgncl.ini
[2007/12/28 19:09:00 | 01,610,925 | -HS- | C] () -- C:\WINDOWS\System32\parvwfid.ini
[2007/12/27 19:12:02 | 01,610,865 | -HS- | C] () -- C:\WINDOWS\System32\xmujjyrd.ini
[2007/12/27 19:09:59 | 01,031,199 | -HS- | C] () -- C:\WINDOWS\System32\ywnghnon.ini
[2007/12/26 19:12:00 | 01,610,805 | -HS- | C] () -- C:\WINDOWS\System32\djcpiosd.ini
[2007/12/26 19:10:09 | 01,027,522 | -HS- | C] () -- C:\WINDOWS\System32\lywhljes.ini
[2007/12/25 07:08:41 | 01,792,555 | -HS- | C] () -- C:\WINDOWS\System32\bkewcwmx.ini
[2007/12/24 07:09:05 | 00,992,734 | -HS- | C] () -- C:\WINDOWS\System32\fhqltdmf.ini
[2007/12/23 07:10:59 | 00,990,819 | -HS- | C] () -- C:\WINDOWS\System32\abofhkor.ini
[2007/12/22 07:08:00 | 00,990,750 | -HS- | C] () -- C:\WINDOWS\System32\otfcnwxh.ini
[2007/12/21 07:07:58 | 00,987,523 | -HS- | C] () -- C:\WINDOWS\System32\rjwncvqh.ini
[2007/12/20 07:11:08 | 00,987,463 | -HS- | C] () -- C:\WINDOWS\System32\flstkidj.ini
[2007/12/19 07:05:03 | 00,983,208 | -HS- | C] () -- C:\WINDOWS\System32\yqsdcieb.ini
[2007/12/18 00:40:18 | 00,986,030 | -HS- | C] () -- C:\WINDOWS\System32\lsajdxve.ini
[2007/12/17 00:41:45 | 00,968,638 | -HS- | C] () -- C:\WINDOWS\System32\xekcstaf.ini
[2007/12/16 00:41:51 | 00,971,106 | -HS- | C] () -- C:\WINDOWS\System32\frvelatr.ini
[2007/12/15 00:44:45 | 00,952,272 | -HS- | C] () -- C:\WINDOWS\System32\opvtiodm.ini
[2007/12/14 00:41:54 | 00,952,203 | -HS- | C] () -- C:\WINDOWS\System32\kjhifiti.ini
[2007/12/13 00:43:49 | 00,896,927 | -HS- | C] () -- C:\WINDOWS\System32\gvjwacbq.ini
[2007/12/12 00:40:52 | 01,050,130 | -HS- | C] () -- C:\WINDOWS\System32\infyjotn.ini
[2007/12/10 12:43:22 | 00,913,082 | -HS- | C] () -- C:\WINDOWS\System32\aqtkdgfg.ini
[2007/12/10 09:43:11 | 00,859,165 | -HS- | C] () -- C:\WINDOWS\System32\eyavpkld.ini
[2007/12/09 09:33:58 | 00,237,671 | -HS- | C] () -- C:\WINDOWS\System32\xbeeg.ini2
[2007/12/09 09:33:58 | 00,237,671 | -HS- | C] () -- C:\WINDOWS\System32\xbeeg.ini
[2007/10/12 02:11:58 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/02 11:17:13 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/09/02 11:17:13 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/09/02 11:17:13 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/05/21 08:48:34 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/05/21 08:48:34 | 00,000,154 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/05/13 21:35:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/04/18 17:32:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/01 00:22:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/11/13 20:02:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/10/14 22:33:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo5c.INI
[2006/10/14 22:21:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2006/10/14 22:16:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2006/09/18 22:27:46 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\imgpick.dll
[2006/09/18 22:26:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\winreg.ini
[2006/07/10 22:53:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/09 06:49:09 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\3A154914B1.sys
[2006/07/09 00:03:20 | 00,012,208 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/09 00:03:20 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\B11449153A.sys
[2006/07/05 21:56:08 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/01 11:58:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/01 11:53:24 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/01 11:22:15 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/09 23:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:51:28 | 00,001,003 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,288 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[16 C:\Documents and Settings\Erin0716\Local Settings\Application Data\*.tmp files]
[2009/07/12 17:06:08 | 00,017,243 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/12 13:01:16 | 00,001,003 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 13:00:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/12 12:57:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 12:57:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 12:57:45 | 21,371,49440 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/12 08:13:30 | 38,089,105 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/12 08:13:12 | 00,025,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/11 22:42:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe
[2009/07/11 22:39:10 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\jgh904gd.exe
[2009/07/11 22:36:45 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\jtqxympm.exe
[2009/07/11 22:12:46 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/07/11 22:12:45 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/11 22:12:44 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/07/11 22:12:43 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/11 22:12:37 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/11 22:12:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/11 22:12:08 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/11 22:12:06 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/11 21:25:30 | 00,000,745 | ---- | M] () -- C:\xp_exe_fix.zip
[2009/07/11 21:24:43 | 00,849,800 | ---- | M] (AVG Technologies) -- C:\avg_avwt_stb_all_8_26.exe
[2009/07/11 20:46:06 | 00,234,966 | ---- | M] () -- C:\Restoration.EXE
[2009/07/11 20:45:00 | 00,234,966 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\REST2514.EXE
[2009/07/11 14:40:00 | 03,976,714 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/11 14:09:10 | 00,005,348 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/11 13:36:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 13:31:37 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\HijackThis.lnk
[2009/07/11 12:41:12 | 00,012,138 | ---- | M] () -- C:\SystemInfo.ini
[2009/07/11 10:25:00 | 00,040,960 | RHS- | M] () -- C:\WINDOWS\System32\flashd32.dll
[2009/07/11 10:24:32 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\UACrltejaddqbhdjqahe.db
[2009/07/11 10:24:20 | 00,000,310 | ---- | M] () -- C:\WINDOWS\System32\UACweuumhcrikvvmrgof.dat
[2009/07/11 08:33:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/07 20:34:29 | 00,187,392 | ---- | M] () -- C:\Documents and Settings\Erin0716\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 20:07:23 | 00,012,208 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/07 20:07:23 | 00,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3A154914B1.sys
[2009/07/06 18:36:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/05 22:13:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1152162304.job
[2009/07/01 23:28:23 | 00,414,361 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\You_Cant_Fix_Stupid.wmv
[2009/07/01 23:26:21 | 00,085,149 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Image.jpg
[2009/07/01 01:00:11 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/30 23:48:00 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to DSC04273.lnk
[2009/06/30 23:11:57 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to Wike Family.lnk
[2009/06/29 20:32:16 | 01,901,272 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\interview.wmv
[2009/06/23 06:56:50 | 00,411,645 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Cassie's cake.jpg
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 01:22:47 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/14 20:22:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/13 09:36:35 | 02,256,018 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\000_0023.zip
[2009/06/13 09:08:13 | 00,000,316 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Eri double dutch.SONIC

========== Files - Unicode (All) ==========
[2007/06/12 07:49:26 | 00,110,927 | ---- | C] ()(C:\Documents and Settings\Erin0716\My Documents\070531?????.zip) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習.zip
[2007/06/12 07:49:28 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\070531?????) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習
[2007/06/12 07:49:28 | 00,110,927 | ---- | M] ()(C:\Documents and Settings\Erin0716\My Documents\070531?????.zip) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習.zip
[2007/07/21 20:21:13 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\?? muvees) -- C:\Documents and Settings\Erin0716\My Documents\マイ muvees
[2007/07/21 20:21:13 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\?? muvees) -- C:\Documents and Settings\Erin0716\My Documents\マイ muvees
[2007/10/31 21:55:05 | 00,204,599 | ---- | C] ()(C:\Documents and Settings\Erin0716\My Documents\071031????.zip) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ.zip
[2007/10/31 21:55:07 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\071031????) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ
[2007/10/31 21:55:07 | 00,204,599 | ---- | M] ()(C:\Documents and Settings\Erin0716\My Documents\071031????.zip) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ.zip
[2008/09/20 12:00:58 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\070531?????) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習
[2008/09/20 12:01:58 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\071031????) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ
< End of report >


OTL logfile created on: 7/12/2009 5:55:52 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Erin0716\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.98% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 7.81 Gb Free Space | 10.96% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.81 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIN
Current User Name: Erin0716
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/11 22:11:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2009/07/11 22:11:11 | 00,833,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2005/10/14 11:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/14 11:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/07/11 22:11:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/03/22 14:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/05 01:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/06/01 11:45:13 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2009/07/11 22:11:14 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2003/08/27 08:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/06/25 11:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd.exe
PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2009/07/11 22:11:16 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2006/11/07 15:11:50 | 02,500,096 | ---- | M] (AOL LLC) -- C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
PRC - [2006/10/03 08:15:35 | 03,723,264 | ---- | M] (FilmLoop Inc.) -- C:\Program Files\FilmLoop Player\FilmLoop.exe
PRC - [2008/06/24 11:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe
PRC - [2006/05/16 08:58:18 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2006/07/12 11:44:02 | 00,020,480 | ---- | M] (Fisher-Price, Inc.) -- C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
PRC - [2009/07/11 22:11:13 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/02/09 15:34:54 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2006/11/03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/11 22:11:18 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2008/10/21 10:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/02/06 02:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2003/07/07 01:20:40 | 00,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/04/15 13:32:16 | 00,110,592 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2003/08/11 01:07:38 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2008/11/06 10:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/07/11 22:42:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/04/17 23:49:07 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2007/04/17 23:49:05 | 00,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/10/13 16:18:24 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/14 23:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/11 22:11:16 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/11 22:11:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/26 11:39:43 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/08/11 01:07:38 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])
SRV - [2005/01/28 11:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2003/08/27 08:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/02/01 08:14:55 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/06/01 11:45:16 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2009/07/11 22:12:37 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/11 22:12:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/11 22:12:44 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/07/11 22:12:43 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 03:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 10:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 03:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 10:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 03:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 03:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 01:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 03:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/10/14 12:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2003/08/11 01:07:38 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/10/14 12:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/10/12 03:00:44 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/04/12 16:50:16 | 00,507,264 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
DRV - [2007/10/12 02:56:22 | 00,490,776 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 12:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/04 21:53:41 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\WINDOWS\System32\Drivers\PzWDM.sys -- (PzWDM [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/11/16 12:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\S-1-5-21-3831677407-969346918-836458217-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3831677407-969346918-836458217-1006\S-1-5-21-3831677407-969346918-836458217-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASM] C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [FilmLoop] C:\Program Files\FilmLoop Player\FilmLoop.exe (FilmLoop Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161908616\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSKDetectorExe] \Program Files\McAfee\SpamKiller\MSKDetct.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-3831677407-969346918-836458217-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Erin0716\Start Menu\Programs\Startup\AOL Desktop.lnk = File not found
O4 - Startup: C:\Documents and Settings\Erin0716\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\system32\msalrsw.exe) - C:\WINDOWS\System32\msalrsw.exe File not found
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\system32\mseau.exe) - C:\WINDOWS\System32\mseau.exe File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\system32\msalrsw.exe) - C:\WINDOWS\System32\msalrsw.exe File not found
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\system32\mseau.exe) - C:\WINDOWS\System32\mseau.exe File not found
F3 - HKU\S-1-5-21-3831677407-969346918-836458217-1006 WinNT: Run - (C:\WINDOWS\system32\mszzp.exe) - C:\WINDOWS\System32\mszzp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3831677407-969346918-836458217-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3831677407-969346918-836458217-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab (AOL Pictures Uploader Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} http://echospin.com/wizard/files/esWizard.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-469942a7d30abf3e.spaces.live.co...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} http://erinkoiso.myphotoalbum.com/ImageUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-games.pogo.com/online2/pog...ameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {38101905-D80F-4788-96F6-986A8186178A} - C:\WINDOWS\System32\flashd32.dll ()
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxywtQJY) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/21 20:18:04 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8a445c1-9332-11dc-87b0-00038a000015}\Shell\AutoRun\command - "" = G:\Imageviewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/11 22:42:35 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe
[2009/07/11 22:39:03 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\jgh904gd.exe
[2009/07/11 22:36:40 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\jtqxympm.exe
[2009/07/11 22:12:46 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/07/11 22:12:45 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/11 22:12:44 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/07/11 22:12:43 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/11 22:12:37 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/11 22:12:35 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/11 22:12:10 | 38,089,105 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/11 22:12:08 | 00,025,283 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/11 22:12:06 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/11 22:12:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/11 22:12:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/11 22:11:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/11 22:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/11 21:25:30 | 00,000,745 | ---- | C] () -- C:\xp_exe_fix.zip
[2009/07/11 21:24:39 | 00,849,800 | ---- | C] (AVG Technologies) -- C:\avg_avwt_stb_all_8_26.exe
[2009/07/11 20:46:06 | 00,234,966 | ---- | C] () -- C:\Restoration.EXE
[2009/07/11 20:44:59 | 00,234,966 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\REST2514.EXE
[2009/07/11 19:18:49 | 21,371,49440 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/11 15:34:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\Application Data\AVG8
[2009/07/11 15:12:30 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/07/11 13:40:29 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/07/11 13:40:29 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/07/11 13:40:29 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/07/11 13:40:29 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/07/11 13:40:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/07/11 13:40:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/07/11 13:40:29 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/07/11 13:40:29 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/07/11 13:40:29 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/07/11 13:40:29 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/07/11 13:40:29 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/07/11 13:40:29 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Process.exe
[2009/07/11 13:40:29 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/07/11 13:40:29 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/07/11 13:38:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\SmitfraudFix
[2009/07/11 13:36:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 13:31:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\HijackThis.lnk
[2009/07/11 11:52:50 | 03,976,714 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/11 10:25:00 | 00,040,960 | RHS- | C] () -- C:\WINDOWS\System32\flashd32.dll
[2009/07/11 10:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\18839684
[2009/07/11 10:24:26 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\UACrltejaddqbhdjqahe.db
[2009/07/11 10:24:20 | 00,000,310 | ---- | C] () -- C:\WINDOWS\System32\UACweuumhcrikvvmrgof.dat
[2009/07/01 23:27:46 | 00,414,361 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\You_Cant_Fix_Stupid.wmv
[2009/07/01 23:26:20 | 00,085,149 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Image.jpg
[2009/07/01 20:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\book
[2009/06/30 23:48:00 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to DSC04273.lnk
[2009/06/30 23:46:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\Desktop\reunion
[2009/06/30 23:41:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin0716\My Documents\Reunion book
[2009/06/30 23:11:57 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to Wike Family.lnk
[2009/06/29 20:32:02 | 01,901,272 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\interview.wmv
[2009/06/23 06:56:50 | 00,411,645 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Cassie's cake.jpg
[2009/06/13 09:08:13 | 00,000,316 | ---- | C] () -- C:\Documents and Settings\Erin0716\My Documents\Eri double dutch.SONIC
[2008/11/06 09:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/18 20:53:48 | 00,990,384 | -HS- | C] () -- C:\WINDOWS\System32\ewfjyfyp.ini
[2008/09/17 15:01:36 | 00,990,324 | -HS- | C] () -- C:\WINDOWS\System32\vymlucdi.ini
[2008/09/17 14:56:52 | 00,963,482 | -HS- | C] () -- C:\WINDOWS\System32\YJQtwyxx.ini2
[2008/09/17 14:56:52 | 00,963,482 | -HS- | C] () -- C:\WINDOWS\System32\YJQtwyxx.ini
[2008/08/31 15:27:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/08/31 15:25:15 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/14 21:14:48 | 00,000,248 | ---- | C] () -- C:\WINDOWS\NED.INI
[2008/06/14 21:14:48 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\NED.INI
[2008/06/14 20:49:06 | 00,001,895 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/03/12 03:02:17 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/03/09 00:20:40 | 00,929,183 | -HS- | C] () -- C:\WINDOWS\System32\becufrbu.ini
[2008/03/08 00:21:41 | 00,917,984 | -HS- | C] () -- C:\WINDOWS\System32\yosfpjva.ini
[2008/03/07 00:21:41 | 00,917,644 | -HS- | C] () -- C:\WINDOWS\System32\swmjdgiw.ini
[2008/03/06 00:20:45 | 00,986,804 | -HS- | C] () -- C:\WINDOWS\System32\xbbwhpnc.ini
[2008/03/05 00:20:43 | 01,013,695 | -HS- | C] () -- C:\WINDOWS\System32\gttbclsv.ini
[2008/03/04 00:23:44 | 01,008,084 | -HS- | C] () -- C:\WINDOWS\System32\gidegvjo.ini
[2008/03/03 00:19:45 | 01,122,858 | -HS- | C] () -- C:\WINDOWS\System32\hvuvmenq.ini
[2008/03/02 00:19:45 | 01,040,542 | -HS- | C] () -- C:\WINDOWS\System32\fdwjpjny.ini
[2008/03/01 00:18:28 | 01,040,446 | -HS- | C] () -- C:\WINDOWS\System32\tlhcexgu.ini
[2008/02/29 00:18:26 | 01,069,309 | -HS- | C] () -- C:\WINDOWS\System32\lpovaajc.ini
[2008/02/28 00:03:46 | 01,096,710 | -HS- | C] () -- C:\WINDOWS\System32\upfmwbof.ini
[2008/02/27 08:18:46 | 01,036,653 | -HS- | C] () -- C:\WINDOWS\System32\egdnbhij.ini
[2008/02/26 00:05:55 | 01,042,440 | -HS- | C] () -- C:\WINDOWS\System32\ftdecvux.ini
[2008/02/25 00:03:43 | 01,096,711 | -HS- | C] () -- C:\WINDOWS\System32\ovrbtlds.ini
[2008/02/24 00:01:27 | 01,060,413 | -HS- | C] () -- C:\WINDOWS\System32\oengorqr.ini
[2008/02/23 00:04:16 | 01,062,039 | -HS- | C] () -- C:\WINDOWS\System32\tmrmxccb.ini
[2008/02/22 00:04:15 | 01,061,803 | -HS- | C] () -- C:\WINDOWS\System32\ggltmkfv.ini
[2008/02/21 20:13:14 | 01,178,452 | -HS- | C] () -- C:\WINDOWS\System32\dkyyqjxr.ini
[2008/02/20 00:01:47 | 01,203,656 | -HS- | C] () -- C:\WINDOWS\System32\nirnxbov.ini
[2008/02/18 23:58:12 | 01,216,341 | -HS- | C] () -- C:\WINDOWS\System32\rgwrukpb.ini
[2008/02/17 23:55:36 | 01,210,739 | -HS- | C] () -- C:\WINDOWS\System32\toovmsxj.ini
[2008/02/16 23:55:29 | 01,216,971 | -HS- | C] () -- C:\WINDOWS\System32\yeyxamgb.ini
[2008/02/15 23:58:29 | 01,216,911 | -HS- | C] () -- C:\WINDOWS\System32\dfksyvtb.ini
[2008/02/14 23:55:29 | 01,248,339 | -HS- | C] () -- C:\WINDOWS\System32\oycultnn.ini
[2008/02/14 00:00:33 | 01,241,028 | -HS- | C] () -- C:\WINDOWS\System32\njggpwbi.ini
[2008/02/12 23:57:47 | 01,207,240 | -HS- | C] () -- C:\WINDOWS\System32\iqdosivi.ini
[2008/02/12 00:00:47 | 01,191,389 | -HS- | C] () -- C:\WINDOWS\System32\tfbxuqyj.ini
[2008/02/10 23:51:54 | 01,209,962 | -HS- | C] () -- C:\WINDOWS\System32\nrjyxqpu.ini
[2008/02/10 00:01:41 | 01,202,538 | -HS- | C] () -- C:\WINDOWS\System32\ofbmahko.ini
[2008/02/08 23:58:42 | 01,202,340 | -HS- | C] () -- C:\WINDOWS\System32\lfcwdbct.ini
[2008/02/08 00:01:41 | 01,204,091 | -HS- | C] () -- C:\WINDOWS\System32\tmqtloxl.ini
[2008/02/06 23:58:29 | 01,207,467 | -HS- | C] () -- C:\WINDOWS\System32\tdcebgjj.ini
[2008/02/06 00:01:18 | 01,194,522 | -HS- | C] () -- C:\WINDOWS\System32\jtlietwl.ini
[2008/02/04 23:58:50 | 01,194,435 | -HS- | C] () -- C:\WINDOWS\System32\nuaaedsl.ini
[2008/02/03 19:19:24 | 01,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jxtkhsnr.ini
[2008/01/31 07:18:00 | 01,182,637 | -HS- | C] () -- C:\WINDOWS\System32\vmpaowlk.ini
[2008/01/30 07:16:11 | 01,166,823 | -HS- | C] () -- C:\WINDOWS\System32\bfjctpgf.ini
[2008/01/29 07:22:34 | 01,164,209 | -HS- | C] () -- C:\WINDOWS\System32\ofdyksqb.ini
[2008/01/28 07:22:48 | 01,151,686 | -HS- | C] () -- C:\WINDOWS\System32\ggjwklqf.ini
[2008/01/26 19:24:30 | 01,143,235 | -HS- | C] () -- C:\WINDOWS\System32\trhskxgt.ini
[2008/01/25 19:21:39 | 01,142,764 | -HS- | C] () -- C:\WINDOWS\System32\ybdacbya.ini
[2008/01/24 19:21:24 | 01,130,210 | -HS- | C] () -- C:\WINDOWS\System32\ihderceh.ini
[2008/01/23 19:20:36 | 01,117,554 | -HS- | C] () -- C:\WINDOWS\System32\odpenshk.ini
[2008/01/22 19:19:48 | 01,109,289 | -HS- | C] () -- C:\WINDOWS\System32\vpgygwjq.ini
[2008/01/21 19:20:14 | 01,089,316 | -HS- | C] () -- C:\WINDOWS\System32\jqbfoyut.ini
[2008/01/20 19:19:54 | 01,073,352 | -HS- | C] () -- C:\WINDOWS\System32\ckqhnrvg.ini
[2008/01/19 19:20:05 | 01,073,292 | -HS- | C] () -- C:\WINDOWS\System32\fcjgcqxy.ini
[2008/01/18 19:22:03 | 01,073,352 | -HS- | C] () -- C:\WINDOWS\System32\gifjtyrp.ini
[2008/01/17 19:21:15 | 01,076,132 | -HS- | C] () -- C:\WINDOWS\System32\oumhjruf.ini
[2008/01/16 19:39:23 | 01,066,238 | -HS- | C] () -- C:\WINDOWS\System32\fmuddauf.ini
[2008/01/15 19:20:13 | 01,066,006 | -HS- | C] () -- C:\WINDOWS\System32\lagdxbln.ini
[2008/01/14 19:18:58 | 01,057,216 | -HS- | C] () -- C:\WINDOWS\System32\vxbglyab.ini
[2008/01/13 19:19:06 | 01,060,622 | -HS- | C] () -- C:\WINDOWS\System32\anyqagcf.ini
[2008/01/12 19:19:06 | 01,060,502 | -HS- | C] () -- C:\WINDOWS\System32\imlkodul.ini
[2008/01/11 19:19:06 | 01,060,451 | -HS- | C] () -- C:\WINDOWS\System32\fncipiwg.ini
[2008/01/10 19:19:16 | 01,057,904 | -HS- | C] () -- C:\WINDOWS\System32\jpeccspc.ini
[2008/01/09 19:14:30 | 01,049,494 | -HS- | C] () -- C:\WINDOWS\System32\afrrwgya.ini
[2008/01/08 19:13:23 | 01,054,902 | -HS- | C] () -- C:\WINDOWS\System32\ncjmaryk.ini
[2008/01/07 19:16:41 | 01,044,275 | -HS- | C] () -- C:\WINDOWS\System32\jhvnubpv.ini
[2008/01/06 19:16:41 | 01,044,220 | -HS- | C] () -- C:\WINDOWS\System32\opjkjyib.ini
[2008/01/05 19:16:41 | 01,044,160 | -HS- | C] () -- C:\WINDOWS\System32\gddpwobf.ini
[2008/01/04 19:13:41 | 01,044,100 | -HS- | C] () -- C:\WINDOWS\System32\xkhvvchb.ini
[2008/01/03 19:13:42 | 01,038,604 | -HS- | C] () -- C:\WINDOWS\System32\golugjkl.ini
[2008/01/02 19:13:41 | 01,031,578 | -HS- | C] () -- C:\WINDOWS\System32\huetjwia.ini
[2008/01/01 19:10:17 | 01,031,518 | -HS- | C] () -- C:\WINDOWS\System32\vwjeocve.ini
[2007/12/31 19:10:30 | 01,031,139 | -HS- | C] () -- C:\WINDOWS\System32\gtkabxpu.ini
[2007/12/30 19:10:00 | 01,031,379 | -HS- | C] () -- C:\WINDOWS\System32\qaevpfem.ini
[2007/12/30 19:09:01 | 01,611,045 | -HS- | C] () -- C:\WINDOWS\System32\upmjumtr.ini
[2007/12/29 19:13:02 | 01,031,319 | -HS- | C] () -- C:\WINDOWS\System32\ocdpymra.ini
[2007/12/29 19:09:01 | 01,610,985 | -HS- | C] () -- C:\WINDOWS\System32\hcqctwkm.ini
[2007/12/28 19:10:02 | 01,031,259 | -HS- | C] () -- C:\WINDOWS\System32\ikaxgncl.ini
[2007/12/28 19:09:00 | 01,610,925 | -HS- | C] () -- C:\WINDOWS\System32\parvwfid.ini
[2007/12/27 19:12:02 | 01,610,865 | -HS- | C] () -- C:\WINDOWS\System32\xmujjyrd.ini
[2007/12/27 19:09:59 | 01,031,199 | -HS- | C] () -- C:\WINDOWS\System32\ywnghnon.ini
[2007/12/26 19:12:00 | 01,610,805 | -HS- | C] () -- C:\WINDOWS\System32\djcpiosd.ini
[2007/12/26 19:10:09 | 01,027,522 | -HS- | C] () -- C:\WINDOWS\System32\lywhljes.ini
[2007/12/25 07:08:41 | 01,792,555 | -HS- | C] () -- C:\WINDOWS\System32\bkewcwmx.ini
[2007/12/24 07:09:05 | 00,992,734 | -HS- | C] () -- C:\WINDOWS\System32\fhqltdmf.ini
[2007/12/23 07:10:59 | 00,990,819 | -HS- | C] () -- C:\WINDOWS\System32\abofhkor.ini
[2007/12/22 07:08:00 | 00,990,750 | -HS- | C] () -- C:\WINDOWS\System32\otfcnwxh.ini
[2007/12/21 07:07:58 | 00,987,523 | -HS- | C] () -- C:\WINDOWS\System32\rjwncvqh.ini
[2007/12/20 07:11:08 | 00,987,463 | -HS- | C] () -- C:\WINDOWS\System32\flstkidj.ini
[2007/12/19 07:05:03 | 00,983,208 | -HS- | C] () -- C:\WINDOWS\System32\yqsdcieb.ini
[2007/12/18 00:40:18 | 00,986,030 | -HS- | C] () -- C:\WINDOWS\System32\lsajdxve.ini
[2007/12/17 00:41:45 | 00,968,638 | -HS- | C] () -- C:\WINDOWS\System32\xekcstaf.ini
[2007/12/16 00:41:51 | 00,971,106 | -HS- | C] () -- C:\WINDOWS\System32\frvelatr.ini
[2007/12/15 00:44:45 | 00,952,272 | -HS- | C] () -- C:\WINDOWS\System32\opvtiodm.ini
[2007/12/14 00:41:54 | 00,952,203 | -HS- | C] () -- C:\WINDOWS\System32\kjhifiti.ini
[2007/12/13 00:43:49 | 00,896,927 | -HS- | C] () -- C:\WINDOWS\System32\gvjwacbq.ini
[2007/12/12 00:40:52 | 01,050,130 | -HS- | C] () -- C:\WINDOWS\System32\infyjotn.ini
[2007/12/10 12:43:22 | 00,913,082 | -HS- | C] () -- C:\WINDOWS\System32\aqtkdgfg.ini
[2007/12/10 09:43:11 | 00,859,165 | -HS- | C] () -- C:\WINDOWS\System32\eyavpkld.ini
[2007/12/09 09:33:58 | 00,237,671 | -HS- | C] () -- C:\WINDOWS\System32\xbeeg.ini2
[2007/12/09 09:33:58 | 00,237,671 | -HS- | C] () -- C:\WINDOWS\System32\xbeeg.ini
[2007/10/12 02:11:58 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/02 11:17:13 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/09/02 11:17:13 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/09/02 11:17:13 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/05/21 08:48:34 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/05/21 08:48:34 | 00,000,154 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/05/13 21:35:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/04/18 17:32:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/01 00:22:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/11/13 20:02:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/10/14 22:33:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo5c.INI
[2006/10/14 22:21:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2006/10/14 22:16:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2006/09/18 22:27:46 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\imgpick.dll
[2006/09/18 22:26:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\winreg.ini
[2006/07/10 22:53:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/09 06:49:09 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\3A154914B1.sys
[2006/07/09 00:03:20 | 00,012,208 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/09 00:03:20 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\B11449153A.sys
[2006/07/05 21:56:08 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/01 11:58:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/01 11:53:24 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/01 11:22:15 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/09 23:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:51:28 | 00,001,007 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,288 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[16 C:\Documents and Settings\Erin0716\Local Settings\Application Data\*.tmp files]
[2009/07/12 17:50:45 | 00,001,007 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 17:06:08 | 00,017,243 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/12 13:00:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/12 12:57:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 12:57:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 12:57:45 | 21,371,49440 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/12 08:13:30 | 38,089,105 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/12 08:13:12 | 00,025,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/11 22:42:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin0716\Desktop\OTL.exe
[2009/07/11 22:39:10 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\jgh904gd.exe
[2009/07/11 22:36:45 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\jtqxympm.exe
[2009/07/11 22:12:46 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/07/11 22:12:45 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/11 22:12:44 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/07/11 22:12:43 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/11 22:12:37 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/11 22:12:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/11 22:12:08 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/11 22:12:06 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/11 21:25:30 | 00,000,745 | ---- | M] () -- C:\xp_exe_fix.zip
[2009/07/11 21:24:43 | 00,849,800 | ---- | M] (AVG Technologies) -- C:\avg_avwt_stb_all_8_26.exe
[2009/07/11 20:46:06 | 00,234,966 | ---- | M] () -- C:\Restoration.EXE
[2009/07/11 20:45:00 | 00,234,966 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\REST2514.EXE
[2009/07/11 14:40:00 | 03,976,714 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/11 14:09:10 | 00,005,348 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/11 13:36:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 13:31:37 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\HijackThis.lnk
[2009/07/11 12:41:12 | 00,012,138 | ---- | M] () -- C:\SystemInfo.ini
[2009/07/11 10:25:00 | 00,040,960 | RHS- | M] () -- C:\WINDOWS\System32\flashd32.dll
[2009/07/11 10:24:32 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\UACrltejaddqbhdjqahe.db
[2009/07/11 10:24:20 | 00,000,310 | ---- | M] () -- C:\WINDOWS\System32\UACweuumhcrikvvmrgof.dat
[2009/07/11 08:33:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/07 20:34:29 | 00,187,392 | ---- | M] () -- C:\Documents and Settings\Erin0716\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 20:07:23 | 00,012,208 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/07 20:07:23 | 00,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3A154914B1.sys
[2009/07/06 18:36:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/05 22:13:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1152162304.job
[2009/07/01 23:28:23 | 00,414,361 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\You_Cant_Fix_Stupid.wmv
[2009/07/01 23:26:21 | 00,085,149 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Image.jpg
[2009/07/01 01:00:11 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/30 23:48:00 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to DSC04273.lnk
[2009/06/30 23:11:57 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Erin0716\Desktop\Shortcut to Wike Family.lnk
[2009/06/29 20:32:16 | 01,901,272 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\interview.wmv
[2009/06/23 06:56:50 | 00,411,645 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Cassie's cake.jpg
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 01:22:47 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/14 20:22:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/13 09:36:35 | 02,256,018 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\000_0023.zip
[2009/06/13 09:08:13 | 00,000,316 | ---- | M] () -- C:\Documents and Settings\Erin0716\My Documents\Eri double dutch.SONIC

========== Files - Unicode (All) ==========
[2007/06/12 07:49:26 | 00,110,927 | ---- | C] ()(C:\Documents and Settings\Erin0716\My Documents\070531?????.zip) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習.zip
[2007/06/12 07:49:28 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\070531?????) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習
[2007/06/12 07:49:28 | 00,110,927 | ---- | M] ()(C:\Documents and Settings\Erin0716\My Documents\070531?????.zip) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習.zip
[2007/07/21 20:21:13 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\?? muvees) -- C:\Documents and Settings\Erin0716\My Documents\マイ muvees
[2007/07/21 20:21:13 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\?? muvees) -- C:\Documents and Settings\Erin0716\My Documents\マイ muvees
[2007/10/31 21:55:05 | 00,204,599 | ---- | C] ()(C:\Documents and Settings\Erin0716\My Documents\071031????.zip) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ.zip
[2007/10/31 21:55:07 | 00,000,000 | ---D | C](C:\Documents and Settings\Erin0716\My Documents\071031????) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ
[2007/10/31 21:55:07 | 00,204,599 | ---- | M] ()(C:\Documents and Settings\Erin0716\My Documents\071031????.zip) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ.zip
[2008/09/20 12:00:58 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\070531?????) -- C:\Documents and Settings\Erin0716\My Documents\070531スイカ練習
[2008/09/20 12:01:58 | 00,000,000 | ---D | M](C:\Documents and Settings\Erin0716\My Documents\071031????) -- C:\Documents and Settings\Erin0716\My Documents\071031カボチャ
< End of report >

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 PM

Posted 12 July 2009 - 08:25 PM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 12 July 2009 - 09:12 PM

If I proceed with this will I lose my pictures and such? I am not sure which way to proceed? Also is my iPod touch compromised also? Is there a way to get my pictures off without taking any virus with them?
Thank you
Erin

#10 syler


Posted 12 July 2009 - 09:25 PM

Proceed with what, cleaning or formatting? You should be able to safely back up your pictures if you are going to format.
Let me know what you want to do.

Syler



#11 Erinkoiso


Posted 12 July 2009 - 09:31 PM

Couple more questions..
1. If I don't store my passwords on the computer can my stuff still be hacked.. Also to do a system restore do I need my recovery disk because my computer did not come with one...
2. My husband had his computer hooked to mine thru wireless Internet router is his compromised?
3. This all scares the crap out of me.... Sorry

#12 syler


Posted 12 July 2009 - 09:50 PM

1. If I don't store my passwords on the computer can my stuff still be hacked.. Also to do a system restore do I need my recovery disk because my computer did not come with one...


Your passwords can be stolen even if not stored on the machine. If you are going to reformat and reinstall you need a copy of your OS disk,
this is not the same as a system restore.

2. My husband had his computer hooked to mine thru wireless Internet router is his compromised?


It is possible that it could have been compromised too. You could start a new topic and post the logs for his machine.

3. This all scares the crap out of me.... Sorry


Don't worry, do you have any more questions?



#13 Erinkoiso


Posted 12 July 2009 - 10:06 PM

I am going to go look for the OS disk....
I have no options if I don't have it huh?

With my computer down and possibly my husband's, am I secure to use my iPod touch to change passwords via my wifi or no?

I will let you know if I find the OS disk... Thank you and sorry for being a pain in the backside....

#14 syler


Posted 12 July 2009 - 10:11 PM

You should be ok to use your iPod. You're not being a pain, that is why we are here to help :thumbup2:
Let me know how the search goes.



#15 Erinkoiso


Posted 12 July 2009 - 10:22 PM

I found a driver and user disk? Is that it?



