Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Logs and Virus/Trojan/Spyware/Malware Removal


  • Please log in to reply
17 replies to this topic

#1 yolas

yolas

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 25 November 2009 - 07:58 AM

when using my computer I hear a commercial in the background and no windows are open. I really need help to see what the problem is with my computer.

Thank you in advance

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 25 November 2009 - 09:17 AM

Hello yolas

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 25 November 2009 - 02:20 PM

OTL logfile created on: 11/25/2009 12:27:30 PM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\yolanda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 259.68 Mb Available Physical Memory | 29.01% Memory free
2.12 Gb Paging File | 1.45 Gb Available in Paging File | 68.67% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.29 Gb Total Space | 115.22 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
Drive D: | 5.76 Gb Total Space | 0.99 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOLANDA-4A4E18F
Current User Name: yolanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\yolanda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\AOL\1192500886\EE\aolsoftware.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\America Online 9.0a\shellmon.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\yolanda\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Norton 360\Engine\3.5.2.11\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\exibesidaci.dll ()
MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ATWPKT2) -- File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys (Symantec Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.004\NAVENG.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\N360\0305020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=a4a82f...amp;s=&ipc=
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\FireFox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/22 18:24:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}: C:\Documents and Settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99} [2009/11/13 16:03:40 | 00,000,000 | ---D | M]

[2008/11/20 22:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Mozilla\Firefox\Profiles\hk7mo35d.default\extensions
[2008/11/20 22:21:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Mozilla\Firefox\Profiles\hk7mo35d.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/04/11 16:32:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/16 19:02:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (moneycharger browser enhancer) - {9CD2C770-A60B-0F1A-6780-C6BE6C1B321A} - C:\WINDOWS\system32\gzpkhesypudau.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {F45F4E88-288F-4AC4-8C95-9659403A05CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Cdejunaviqe] C:\WINDOWS\exibesidaci.DLL ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab (PlaNet SysInfo Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193450508046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} https://mycampus.phoenix.edu/secure/PhxStudent15.CAB (PhxStudent.OeSetup15)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/15 19:04:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ed06769e-b057-11dd-a4c7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ed06769e-b057-11dd-a4c7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed06769e-b057-11dd-a4c7-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/25 12:26:11 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\yolanda\Desktop\OTL.exe
[2009/11/25 09:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Application Data\Malwarebytes
[2009/11/25 09:12:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/25 09:12:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/25 09:12:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/25 09:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/25 09:11:20 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\yolanda\Desktop\mbam-setup.exe
[2009/11/25 07:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/11/24 23:02:50 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/24 18:21:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 17:15:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Local Settings\Application Data\Temp
[2009/11/13 16:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}
[2009/11/10 22:54:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\My Documents\dump04
[2009/11/10 19:21:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\My Documents\Downloads
[2009/11/10 19:07:41 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/10 19:07:10 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 19:00:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/10 18:59:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/10 18:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/06 16:53:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Local Settings\Application Data\ICS
[2009/11/06 13:18:53 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/11/06 08:02:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/06 08:02:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/11/05 21:33:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Local Settings\Application Data\Threat Expert
[2009/11/05 21:22:31 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/11/05 21:22:30 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/11/05 21:22:30 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/11/05 21:19:51 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/05 21:19:45 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/05 21:19:44 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/05 21:18:34 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/05 21:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/05 21:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/05 21:18:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\yolanda\Application Data\PC Tools
[2009/11/05 21:18:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/05 21:17:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/02 17:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/11/02 17:35:50 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/02 17:35:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/01 18:20:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\Documents and Settings\yolanda\My Documents\*.tmp files -> C:\Documents and Settings\yolanda\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/25 12:27:48 | 00,000,776 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/25 12:26:14 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\yolanda\Desktop\OTL.exe
[2009/11/25 09:35:03 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/25 09:33:15 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Mjayuwibiqo.dat
[2009/11/25 09:32:38 | 00,002,644 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/25 09:29:47 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/11/25 09:29:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 09:29:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 09:27:27 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\yolanda\ntuser.ini
[2009/11/25 09:27:26 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\yolanda\NTUSER.DAT
[2009/11/25 09:12:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 09:11:24 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\yolanda\Desktop\mbam-setup.exe
[2009/11/25 09:03:32 | 00,002,841 | ---- | M] () -- C:\Documents and Settings\yolanda\My Documents\EVALUATIONJOB.htm
[2009/11/25 07:51:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\yolanda\Desktop\settings.dat
[2009/11/25 07:41:57 | 00,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/11/25 07:18:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xxiqu.bin
[2009/11/24 23:00:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2009/11/23 21:05:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/23 21:05:54 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/11/23 17:24:27 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/23 05:44:32 | 00,393,728 | ---- | M] () -- C:\WINDOWS\System32\gzpkhesypudau.dll
[2009/11/17 18:57:42 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\fahebada
[2009/11/15 16:36:17 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\zesigema.dll
[2009/11/10 22:57:13 | 00,054,166 | ---- | M] () -- C:\Documents and Settings\yolanda\My Documents\11100133.jpeg
[2009/11/10 22:54:32 | 02,802,701 | ---- | M] () -- C:\Documents and Settings\yolanda\My Documents\dump04.zip
[2009/11/10 19:06:58 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 19:00:23 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/10 15:15:15 | 00,000,000 | -HS- | M] () -- C:\1351469820
[2009/11/05 21:18:55 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/02 17:50:04 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/02 17:37:27 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/01 18:21:05 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2009/11/01 16:05:17 | 00,456,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 16:05:17 | 00,075,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 16:05:16 | 00,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/30 15:20:43 | 00,302,508 | ---- | M] () -- C:\Documents and Settings\yolanda\My Documents\10300140.jpeg
[2009/10/26 18:09:37 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\yolanda\My Documents\cover letter.doc
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\Documents and Settings\yolanda\My Documents\*.tmp files -> C:\Documents and Settings\yolanda\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/25 09:12:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 09:03:32 | 00,002,841 | ---- | C] () -- C:\Documents and Settings\yolanda\My Documents\EVALUATIONJOB.htm
[2009/11/25 07:51:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\yolanda\Desktop\settings.dat
[2009/11/25 07:41:57 | 00,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/11/15 16:36:17 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\zesigema.dll
[2009/11/13 16:03:42 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Mjayuwibiqo.dat
[2009/11/13 16:03:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Xxiqu.bin
[2009/11/10 22:57:12 | 00,054,166 | ---- | C] () -- C:\Documents and Settings\yolanda\My Documents\11100133.jpeg
[2009/11/10 22:54:18 | 02,802,701 | ---- | C] () -- C:\Documents and Settings\yolanda\My Documents\dump04.zip
[2009/11/10 19:11:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/10 19:00:23 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/10 15:15:15 | 00,000,000 | -HS- | C] () -- C:\1351469820
[2009/11/05 21:22:31 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/05 21:22:31 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/05 21:22:31 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/05 21:22:31 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/05 21:22:31 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/05 21:19:51 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/05 21:19:45 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/05 21:19:45 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/05 21:18:55 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/05 21:18:34 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/02 17:50:04 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/02 17:37:26 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/01 18:21:05 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2009/10/30 15:20:39 | 00,302,508 | ---- | C] () -- C:\Documents and Settings\yolanda\My Documents\10300140.jpeg
[2009/10/26 18:09:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\yolanda\My Documents\cover letter.doc
[2009/09/29 08:31:46 | 00,393,728 | ---- | C] () -- C:\WINDOWS\System32\gzpkhesypudau.dll
[2009/07/31 18:52:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/03 23:55:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/03 23:51:13 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/04/10 20:45:47 | 00,054,134 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008/03/22 10:31:42 | 00,001,417 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/02/16 16:12:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/06 15:15:47 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/01/04 17:48:41 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/11/03 21:36:19 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\yolanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/15 22:30:35 | 00,037,632 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/15 22:30:18 | 00,028,536 | ---- | C] () -- C:\Documents and Settings\yolanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/10/15 22:10:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/15 19:28:09 | 04,814,756 | -H-- | C] () -- C:\Documents and Settings\yolanda\Local Settings\Application Data\IconCache.db
[2007/10/15 19:10:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\yolanda\Application Data\desktop.ini
[2007/10/15 19:04:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2007/10/15 19:01:56 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2007/10/15 19:01:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2007/10/15 19:01:05 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2007/10/15 19:01:04 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2007/10/15 11:53:06 | 00,542,182 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2007/10/15 11:53:05 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/15 11:52:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/10/02 15:45:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/28 07:00:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/02/28 07:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/02/28 07:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/02/28 07:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2006/02/28 07:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2006/02/28 07:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/02/28 07:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/02/28 07:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2006/02/28 07:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/02/28 07:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006/02/28 07:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/02/28 07:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2006/02/28 07:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/02/28 07:00:00 | 00,174,592 | ---- | C] () -- C:\WINDOWS\exibesidaci.dll
[2006/02/28 07:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/02/28 07:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/02/28 07:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2006/02/28 07:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/02/28 07:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/02/28 07:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/02/28 07:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/02/28 07:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/02/28 07:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2006/02/28 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/02/28 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/02/28 07:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/02/28 07:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/02/28 07:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/02/28 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/02/28 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/02/28 07:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/02/28 07:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/02/28 07:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/02/28 07:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/02/28 07:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/02/28 07:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/02/28 07:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2006/02/28 07:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2006/02/28 07:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/02/28 07:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/02/28 07:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/02/28 07:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2006/02/28 07:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/02/28 07:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/02/28 07:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/02/28 07:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2006/02/28 07:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/02/28 07:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/02/28 07:00:00 | 00,000,776 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 07:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006/02/28 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 17:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/10/19 19:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/31 22:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/02/16 16:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/10/15 21:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/06/23 19:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/23 19:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/04/10 20:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2008/11/20 22:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/13 19:11:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/12/05 16:45:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/08/11 16:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2007/10/15 21:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2008/01/04 17:46:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Datatel
[2009/11/01 18:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/17 16:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/01/29 02:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/08/08 18:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/08/08 18:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/01/29 02:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2008/01/04 17:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2008/04/25 21:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/11/06 08:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/06 08:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KwinzySrch
[2009/11/10 19:07:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/25 09:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/19 16:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/07/31 18:09:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/04/10 20:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/04/01 14:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/01 14:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/19 22:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/05 21:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/01 14:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/12/03 09:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/11/22 19:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/08/18 14:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/09/16 09:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/04/25 21:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/05/30 15:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/04/01 14:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/11/25 09:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/06 18:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2008/04/10 19:46:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/29 02:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2007/10/27 01:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/10/28 17:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/09/03 19:31:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/10/06 19:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/08 18:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/11/01 18:21:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/09/14 16:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/20 15:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/23 19:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/10 19:00:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/05/26 20:20:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2008/11/24 20:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Adobe
[2009/10/21 17:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Aim
[2008/04/05 19:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\AOL
[2009/09/28 19:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Apple Computer
[2008/04/10 20:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\AT&T
[2009/10/21 18:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Azureus
[2008/11/22 19:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/22 19:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\dvdcss
[2009/11/17 00:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\FrostWire
[2007/10/16 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Google
[2008/01/24 19:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Help
[2008/01/02 18:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\HP
[2009/02/13 19:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\HPAppData
[2009/07/06 16:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\ICAClient
[2007/10/15 19:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Identities
[2007/10/31 18:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Image Zone Express
[2008/03/25 21:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Leadertech
[2009/03/12 20:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\LimeWire
[2007/10/15 21:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Macromedia
[2009/11/25 09:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Malwarebytes
[2009/07/23 15:55:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\yolanda\Application Data\Microsoft
[2008/04/05 19:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Mozilla
[2009/11/05 21:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\PC Tools
[2007/10/31 18:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Printer Info Cache
[2008/08/14 17:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Research In Motion
[2008/12/14 20:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Samsung
[2008/11/16 15:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Skype
[2008/10/19 15:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\skypePM
[2008/03/16 19:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Sun
[2009/04/01 14:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Symantec
[2009/05/21 20:39:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\System Tweaker
[2009/05/15 20:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\U3
[2009/10/18 18:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\uniblue
[2007/10/15 22:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Viewpoint
[2007/10/15 21:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\vlc
[2008/05/23 11:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\WeatherBug
[2007/10/15 20:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\WinBatch
[2008/04/11 21:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Windows Desktop Search
[2008/04/29 18:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\Windows Search
[2008/09/03 20:16:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\yolanda\Application Data\yahoo!
[2007/10/15 21:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\yolanda\Application Data\You've Got Pictures Screensaver
[2009/11/25 09:35:03 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/23 17:24:27 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/24 23:00:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2009/11/25 09:29:47 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2009/11/25 09:29:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 11/25/2009 12:27:30 PM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\yolanda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 259.68 Mb Available Physical Memory | 29.01% Memory free
2.12 Gb Paging File | 1.45 Gb Available in Paging File | 68.67% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.29 Gb Total Space | 115.22 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
Drive D: | 5.76 Gb Total Space | 0.99 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOLANDA-4A4E18F
Current User Name: yolanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1192500886\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1192500886\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" = C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1192500886\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1192500886\EE\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Datatel\UI\wIntegSM.exe" = C:\Program Files\Datatel\UI\wIntegSM.exe:*:Enabled:wIntegrate Session Manager -- (IBM Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\LMI5F9.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI5F9.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\LMI792.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI792.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2DAB2F-5A2F-8F65-1006-30E94506B15D}" = Skins
"{0F1649F6-F84B-41B2-980B-D2371BA389B3}" = Network Magic
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{269D9176-CEF5-81BE-D204-B90ACA0ECD79}" = Catalyst Control Center Core Implementation
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{393C1150-6EBF-D1DA-BDC2-3E1D1D772B44}" = Catalyst Control Center Graphics Full Existing
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57F7C02B-D36E-3F81-239B-FD031984ADFE}" = Catalyst Control Center Graphics Previews Common
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69580770-C77E-67FE-014F-BE02DF5D8A4F}" = ccc-core-preinstall
"{6EACA7EA-CA28-1333-206C-C985F7F22C2F}" = CCC Help English
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{726A85FE-D304-4C4A-8167-D8A24A7C86F9}" = UI Desktop 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D0049D9-265D-145D-96D7-CD5814DA7092}" = ccc-core-static
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}" = Pure Networks Platform
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{BA9A7A5D-5976-3682-826C-CDE03A0DE33D}" = Catalyst Control Center Graphics Full New
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D721F201-E316-0825-7D23-48C16939914F}" = ccc-utility
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFB45880-1B78-4107-8028-A134B83ECD5B}" = inContact_Agent
"{E07FEDF6-3E9E-2F4C-3734-15B839CC3CD3}" = Catalyst Control Center Graphics Light
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F45F4E88-288F-4AC4-8C95-9659403A05CA}" = Mirar
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Deskbar" = AOL Deskbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"ATT-NAP" = ATT-NAP
"Browser Defender_is1" = Browser Defender 2.0.6.10
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"eyeBeam 1.5_is1" = eyeBeam 1.5.19.5
"ezcalendar" = EZ Calendar (remove only)
"FrostWire" = FrostWire 4.17.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KwinzySrch" = Kwinzy 1.0 build 135
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant
"N360" = Norton 360
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spark 2.5.8" = Spark 2.5.8
"Spyware Doctor" = Spyware Doctor 7.0
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZHCIELangPack" = Chinese (Simplified) Language Support
"ZHTIELangPack" = Chinese (Traditional) Language Support

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 5:09:26 PM | Computer Name = YOLANDA-4A4E18F | Source = MyAgent.exe | ID = 1
Description =

Error - 10/21/2009 8:00:52 PM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000e94ac.

Error - 10/21/2009 8:01:11 PM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1001
Description = Fault bucket 1394745435.

Error - 10/22/2009 2:03:59 AM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000cd389.

Error - 10/23/2009 1:47:51 AM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000dea73.

Error - 10/23/2009 4:36:46 PM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000cd389.

Error - 10/23/2009 4:37:02 PM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1001
Description = Fault bucket 1392559477.

Error - 10/23/2009 6:33:19 PM | Computer Name = YOLANDA-4A4E18F | Source = MyAgent.exe | ID = 1
Description =

Error - 10/24/2009 1:03:52 AM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000e94ac.

Error - 10/24/2009 11:47:13 PM | Computer Name = YOLANDA-4A4E18F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000e8710.

[ System Events ]
Error - 11/25/2009 8:16:15 AM | Computer Name = YOLANDA-4A4E18F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126

Error - 11/25/2009 9:52:50 AM | Computer Name = YOLANDA-4A4E18F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 11/25/2009 9:52:50 AM | Computer Name = YOLANDA-4A4E18F | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 11/25/2009 9:53:51 AM | Computer Name = YOLANDA-4A4E18F | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/25/2009 9:53:54 AM | Computer Name = YOLANDA-4A4E18F | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 11/25/2009 9:53:54 AM | Computer Name = YOLANDA-4A4E18F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126

Error - 11/25/2009 10:29:48 AM | Computer Name = YOLANDA-4A4E18F | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 11/25/2009 10:30:29 AM | Computer Name = YOLANDA-4A4E18F | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/25/2009 10:30:36 AM | Computer Name = YOLANDA-4A4E18F | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 11/25/2009 10:30:36 AM | Computer Name = YOLANDA-4A4E18F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 25 November 2009 - 06:49 PM

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 25 November 2009 - 10:44 PM

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-25 22:42:12
Windows 5.1.2600 Service Pack 3
Running: 4j38brtx[1].exe; Driver: C:\DOCUME~1\yolanda\LOCALS~1\Temp\kgkiikoc.sys


---- System - GMER 1.0.15 ----

SSDT 8532B508 ZwAlertResumeThread
SSDT 85136708 ZwAlertThread
SSDT 8556B288 ZwAllocateVirtualMemory
SSDT 8567B858 ZwAssignProcessToJobObject
SSDT 84EFF840 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF747EE22]
SSDT 85567160 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF745FCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF745FECE]
SSDT 84DAE118 ZwCreateSymbolicLinkObject
SSDT 852A7CB0 ZwCreateThread
SSDT 85339848 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF747F610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF747F8C4]
SSDT 8419B900 ZwDuplicateObject
SSDT 84DCB420 ZwFreeVirtualMemory
SSDT 85659888 ZwImpersonateAnonymousToken
SSDT 854C3608 ZwImpersonateThread
SSDT 85414A28 ZwLoadDriver
SSDT 852A9498 ZwMapViewOfSection
SSDT 8572FAB0 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF747DB14]
SSDT 84DBD288 ZwOpenProcess
SSDT 84DB2E50 ZwOpenProcessToken
SSDT 855D05E0 ZwOpenSection
SSDT 84DBD1F8 ZwOpenThread
SSDT 84DAE008 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF747FD30]
SSDT 852B1E50 ZwResumeThread
SSDT 84E48050 ZwSetContextThread
SSDT 84DEA2D8 ZwSetInformationProcess
SSDT 85261CD0 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF747F0E2]
SSDT 8561D858 ZwSuspendProcess
SSDT 855D0CD0 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF745F982]
SSDT 8527C6E8 ZwTerminateThread
SSDT 8546DCA0 ZwUnmapViewOfSection
SSDT 84DC5F80 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 6 Bytes [58, D8, 61, 85, D0, 0C]
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spyware Doctor\pctsTray.exe[468] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Documents and Settings\yolanda\Local Settings\Temporary Internet Files\Content.IE5\Z7KAOTDF\4j38brtx[1].exe[772] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003B0001
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006D0001
.text C:\WINDOWS\System32\alg.exe[956] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[956] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[956] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[956] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[956] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2280] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\ctfmon.exe[2352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\WINDOWS\system32\ctfmon.exe[2352] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2352] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2352] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2352] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2352] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2664] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 037A62F0 C:\WINDOWS\system32\gzpkhesypudau.dll
.text C:\WINDOWS\System32\regsvr32.exe[2880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AC0001
.text C:\WINDOWS\System32\regsvr32.exe[2880] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\regsvr32.exe[2880] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\regsvr32.exe[2880] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\regsvr32.exe[2880] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\regsvr32.exe[2880] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[3116] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585808 C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00790001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C80001
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3908] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003B0001
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\SNDVOL32.EXE[4092] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\America Online 9.0a\waol.exe[4180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\America Online 9.0a\waol.exe[4180] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\America Online 9.0a\waol.exe[4180] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\America Online 9.0a\waol.exe[4180] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\America Online 9.0a\waol.exe[4180] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\America Online 9.0a\waol.exe[4180] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\America Online 9.0a\shellmon.exe[5076] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1192500886\ee\aolsoftware.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\Iphlpapi.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\Iphlpapi.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\America Online 9.0a\waol.exe[4180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 26 November 2009 - 08:08 AM

Ok go ahead with my previous instructions.
They can be found in the post above this one.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 26 November 2009 - 03:58 PM

ComboFix 09-11-25.05 - yolanda 11/26/2009 13:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.241 [GMT -5:00]
Running from: c:\documents and settings\yolanda\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}
c:\documents and settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}\chrome.manifest
c:\documents and settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}\chrome\content\_cfg.js
c:\documents and settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}\chrome\content\overlay.xul
c:\documents and settings\yolanda\Local Settings\Application Data\{C6BCBEC4-440C-4D9A-9EAC-55A2B4235E99}\install.rdf
c:\program files\INSTALL.LOG
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\491\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\491\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atwbxui5.dll
c:\windows\Downloaded Program Files\MyWebEx\491\ieatgpc.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\491\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\491\mwmHook.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmtrace.txt
c:\windows\Downloaded Program Files\MyWebEx\491\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\491\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\491\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\491\webexmgr.dll
c:\windows\exibesidaci.dll
c:\windows\system32\4F3X
c:\windows\system32\AutoRun.inf
c:\windows\system32\zesigema.dll

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
Infected copy of c:\windows\system32\srsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\srsvc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 19:06 . 2008-04-14 00:12 171008 ----a-w- c:\windows\system32\srsvc.dll
2009-11-26 17:53 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\NAVENG.SYS
2009-11-26 17:53 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\NAVENG32.DLL
2009-11-26 17:53 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\NAVEX32A.DLL
2009-11-26 17:53 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\NAVEX15.SYS
2009-11-26 17:53 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\ECMSVR32.DLL
2009-11-26 17:53 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\CCERASER.DLL
2009-11-26 17:53 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\EECTRL.SYS
2009-11-26 17:53 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.048\ERASER.SYS
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\documents and settings\yolanda\Application Data\Malwarebytes
2009-11-25 14:12 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-25 14:12 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 12:41 . 2009-11-25 12:41 -------- d-----w- c:\program files\Runtime Software
2009-11-25 02:34 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVENG.SYS
2009-11-25 02:34 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVENG32.DLL
2009-11-25 02:34 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVEX32A.DLL
2009-11-25 02:34 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVEX15.SYS
2009-11-25 02:34 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\ECMSVR32.DLL
2009-11-25 02:34 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\CCERASER.DLL
2009-11-25 02:34 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\EECTRL.SYS
2009-11-25 02:34 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\ERASER.SYS
2009-11-15 22:15 . 2009-11-15 22:15 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\Temp
2009-11-13 21:03 . 2009-11-26 17:42 0 ----a-w- c:\windows\Xxiqu.bin
2009-11-13 21:03 . 2009-11-25 19:32 120 ----a-w- c:\windows\Mjayuwibiqo.dat
2009-11-12 22:02 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-12 22:02 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-12 22:02 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-12 22:02 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-12 22:02 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-11 19:59 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-11-11 19:59 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-11-11 19:59 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-11-11 19:59 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-11-11 19:59 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSviA64.sys
2009-11-11 00:15 . 2009-11-11 00:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-11 00:07 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-11 00:07 . 2009-11-11 00:06 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 00:01 . 2009-11-11 00:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-11 00:00 . 2009-11-11 00:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-11 00:00 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-10 23:59 . 2009-11-11 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-10 23:59 . 2009-11-10 23:59 -------- d-----w- c:\program files\Lavasoft
2009-11-06 21:53 . 2009-11-06 21:53 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\ICS
2009-11-06 18:18 . 2009-11-06 18:18 -------- d-----r- c:\program files\Norton Support
2009-11-06 13:02 . 2009-11-06 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-06 13:02 . 2009-11-06 15:03 -------- d-----w- c:\windows\BDOSCAN8
2009-11-06 02:33 . 2009-11-06 02:33 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\Threat Expert
2009-11-06 02:22 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-06 02:22 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-06 02:22 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-06 02:22 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-06 02:22 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-06 02:22 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-06 02:19 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-06 02:19 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-06 02:19 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-06 02:18 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-06 02:18 . 2009-11-26 19:13 -------- d-----w- c:\program files\Spyware Doctor
2009-11-06 02:18 . 2009-11-06 02:22 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-06 02:18 . 2009-11-06 02:18 -------- d-----w- c:\documents and settings\yolanda\Application Data\PC Tools
2009-11-06 02:18 . 2009-11-06 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-06 02:17 . 2009-11-26 19:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 22:49 . 2009-11-02 22:50 -------- d-----w- c:\program files\Safari
2009-11-02 22:35 . 2009-11-02 22:35 -------- d-----w- c:\program files\iPod
2009-11-02 22:35 . 2009-11-02 22:37 -------- d-----w- c:\program files\iTunes
2009-11-02 22:26 . 2009-11-02 22:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 10:44 . 2009-09-29 13:31 393728 ----a-w- c:\windows\system32\gzpkhesypudau.dll
2009-11-21 00:08 . 2009-11-11 00:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-21 00:08 . 2009-11-11 00:06 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-17 21:16 . 2007-10-16 03:26 -------- d-----w- c:\program files\Google
2009-11-17 05:42 . 2009-03-14 00:06 -------- d-----w- c:\documents and settings\yolanda\Application Data\FrostWire
2009-11-11 00:06 . 2009-11-11 00:06 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-11 00:06 . 2009-11-11 00:06 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-11 00:06 . 2009-11-11 00:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-11 00:06 . 2009-11-11 00:06 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-11 00:06 . 2009-11-11 00:06 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-11 00:06 . 2009-11-11 00:06 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-11 00:06 . 2009-11-11 00:06 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-11 00:06 . 2009-11-11 00:06 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-10 20:31 . 2009-11-10 20:31 45056 ---ha-w- c:\windows\system32\BIT77C.tmp
2009-11-10 20:29 . 2009-11-10 20:29 92672 ---ha-w- c:\windows\system32\BIT775.tmp
2009-11-10 20:29 . 2009-11-10 20:29 39424 ---ha-w- c:\windows\system32\BIT774.tmp
2009-11-06 18:22 . 2009-04-01 19:43 -------- d-----w- c:\program files\Symantec
2009-11-06 14:00 . 2009-07-15 16:03 -------- d-----w- c:\program files\KwinzySrch
2009-11-06 13:16 . 2009-07-15 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\KwinzySrch
2009-11-02 22:35 . 2009-06-24 00:00 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 23:34 . 2009-10-18 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-11-01 23:21 . 2009-11-01 23:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-01 23:21 . 2009-05-22 01:08 -------- d-----w- c:\program files\Uniblue
2009-10-21 23:06 . 2008-11-21 03:20 -------- d-----w- c:\program files\Vuze
2009-10-21 23:05 . 2008-11-21 03:21 -------- d-----w- c:\documents and settings\yolanda\Application Data\Azureus
2009-10-21 22:48 . 2008-04-11 00:46 -------- d-----w- c:\program files\AIM
2009-10-21 22:48 . 2008-04-11 00:47 -------- d-----w- c:\documents and settings\yolanda\Application Data\Aim
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 03:23 . 2008-09-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-19 21:17 . 2009-10-19 21:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-19 21:14 . 2009-10-19 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-19 21:13 . 2009-10-19 21:13 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-19 21:13 . 2009-10-19 21:13 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-10-19 21:13 . 2009-10-19 21:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-18 23:05 . 2009-05-22 01:10 -------- d-----w- c:\documents and settings\yolanda\Application Data\uniblue
2009-10-13 22:00 . 2008-04-11 01:37 -------- d-----w- c:\program files\Yahoo!
2009-10-13 21:47 . 2007-10-16 02:14 -------- d-----w- c:\program files\Common Files\AOL
2009-09-29 00:25 . 2009-06-24 00:08 -------- d-----w- c:\documents and settings\yolanda\Application Data\Apple Computer
2009-09-27 22:56 . 2009-09-27 22:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-09-27 22:55 . 2009-09-27 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-09-27 22:54 . 2009-09-27 22:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-09-27 22:54 . 2009-09-27 22:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-09-27 22:54 . 2009-09-27 22:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-25 22:41 . 2009-09-25 21:25 139004 ----a-w- c:\windows\hpoins15.dat
2009-09-25 21:37 . 2009-09-25 21:37 10134 ----a-r- c:\documents and settings\yolanda\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2009-09-22 08:00 . 2009-11-26 19:33 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\ECMSVR32.DLL
2009-09-15 08:00 . 2009-11-26 19:33 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\CCERASER.DLL
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 17:44 . 2009-09-03 17:44 28400 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\My.Freeze.com NetAssistant\NetAssistant.dll" [2009-03-20 249856]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CD2C770-A60B-0F1A-6780-C6BE6C1B321A}]
2009-11-23 10:44 393728 ----a-w- c:\windows\system32\gzpkhesypudau.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^yolanda^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\yolanda\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1192500886\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1192500886\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Datatel\\UI\\wIntegSM.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/10/2009 7:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/5/2009 9:19 PM 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [9/8/2009 5:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [9/8/2009 5:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [9/8/2009 5:45 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/12/2009 5:02 PM 329592]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/20/2008 10:21 PM 460168]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/5/2009 9:22 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [9/8/2009 5:45 PM 117640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/5/2009 9:18 PM 358600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/15/2007 9:38 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/9/2009 1:55 PM 102448]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys --> c:\windows\system32\DRIVERS\TM_CFW.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:09]

2009-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-26 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.freeze.com/?AcquisitionID=a4a82f31-ae2f-40eb-b87a-ca3f8789ab30&s=&ipc=
mSearch Bar =
IE: &Search
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{F45F4E88-288F-4AC4-8C95-9659403A05CA} - (no file)
HKLM-Run-Cdejunaviqe - c:\windows\exibesidaci.dll
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-CanonMyPrinter - c:\program files\Canon\MyPrinter\uninst.exe uninst.ini
AddRemove-Easy-PhotoPrint - c:\program files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Uniblue DriverScanner 2009 - c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\yolanda\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-11-26 14:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 19:51

Pre-Run: 123,576,512,512 bytes free
Post-Run: 123,732,905,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F607634C268467DE788A4FA73E85440C

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 26 November 2009 - 04:56 PM

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
ASKService
Viewpoint Manager Service

File::
c:\windows\system32\gzpkhesypudau.dll

Folder::
c:\program files\KwinzySrch
c:\documents and settings\All Users\Application Data\KwinzySrch
c:\program files\AskBarDis
c:\program files\Viewpoint


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
=============
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 26 November 2009 - 08:22 PM

ComboFix 09-11-26.01 - yolanda 11/26/2009 18:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.399 [GMT -5:00]
Running from: c:\documents and settings\yolanda\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\yolanda\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\gzpkhesypudau.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 20:56 . 2009-11-26 20:56 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\Symantec
2009-11-26 19:33 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\NAVEX32A.DLL
2009-11-26 19:33 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\NAVENG.SYS
2009-11-26 19:33 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\NAVENG32.DLL
2009-11-26 19:33 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\NAVEX15.SYS
2009-11-26 19:33 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\ERASER.SYS
2009-11-26 19:33 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\ECMSVR32.DLL
2009-11-26 19:33 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\CCERASER.DLL
2009-11-26 19:33 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091126.016\EECTRL.SYS
2009-11-26 19:06 . 2008-04-14 00:12 171008 ------w- c:\windows\system32\srsvc.dll
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\documents and settings\yolanda\Application Data\Malwarebytes
2009-11-25 14:12 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-25 14:12 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 14:12 . 2009-11-25 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 12:41 . 2009-11-25 12:41 -------- d-----w- c:\program files\Runtime Software
2009-11-25 02:34 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVENG.SYS
2009-11-25 02:34 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVENG32.DLL
2009-11-25 02:34 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVEX32A.DLL
2009-11-25 02:34 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\NAVEX15.SYS
2009-11-25 02:34 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\ECMSVR32.DLL
2009-11-25 02:34 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\CCERASER.DLL
2009-11-25 02:34 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\EECTRL.SYS
2009-11-25 02:34 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091124.035\ERASER.SYS
2009-11-15 22:15 . 2009-11-15 22:15 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\Temp
2009-11-13 21:03 . 2009-11-26 17:42 0 ----a-w- c:\windows\Xxiqu.bin
2009-11-13 21:03 . 2009-11-25 19:32 120 ----a-w- c:\windows\Mjayuwibiqo.dat
2009-11-12 22:02 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-12 22:02 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-12 22:02 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-12 22:02 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-12 22:02 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-11 19:59 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-11-11 19:59 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-11-11 19:59 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-11-11 19:59 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-11-11 19:59 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSviA64.sys
2009-11-11 00:15 . 2009-11-11 00:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-11 00:07 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-11 00:07 . 2009-11-11 00:06 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 00:01 . 2009-11-11 00:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-11 00:00 . 2009-11-11 00:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-11 00:00 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-10 23:59 . 2009-11-11 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-10 23:59 . 2009-11-10 23:59 -------- d-----w- c:\program files\Lavasoft
2009-11-06 21:53 . 2009-11-06 21:53 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\ICS
2009-11-06 18:18 . 2009-11-06 18:18 -------- d-----r- c:\program files\Norton Support
2009-11-06 13:02 . 2009-11-06 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-06 13:02 . 2009-11-06 15:03 -------- d-----w- c:\windows\BDOSCAN8
2009-11-06 02:33 . 2009-11-06 02:33 -------- d-----w- c:\documents and settings\yolanda\Local Settings\Application Data\Threat Expert
2009-11-06 02:22 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-06 02:22 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-06 02:22 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-06 02:22 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-06 02:22 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-06 02:22 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-06 02:19 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-06 02:19 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-06 02:19 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-06 02:18 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-06 02:18 . 2009-11-26 23:43 -------- d-----w- c:\program files\Spyware Doctor
2009-11-06 02:18 . 2009-11-06 02:22 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-06 02:18 . 2009-11-06 02:18 -------- d-----w- c:\documents and settings\yolanda\Application Data\PC Tools
2009-11-06 02:18 . 2009-11-06 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-06 02:17 . 2009-11-26 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 22:49 . 2009-11-02 22:50 -------- d-----w- c:\program files\Safari
2009-11-02 22:35 . 2009-11-02 22:35 -------- d-----w- c:\program files\iPod
2009-11-02 22:35 . 2009-11-02 22:37 -------- d-----w- c:\program files\iTunes
2009-11-02 22:26 . 2009-11-02 22:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 00:08 . 2009-11-11 00:06 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-21 00:08 . 2009-11-11 00:06 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-17 21:16 . 2007-10-16 03:26 -------- d-----w- c:\program files\Google
2009-11-17 05:42 . 2009-03-14 00:06 -------- d-----w- c:\documents and settings\yolanda\Application Data\FrostWire
2009-11-11 00:06 . 2009-11-11 00:06 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-11 00:06 . 2009-11-11 00:06 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-11 00:06 . 2009-11-11 00:06 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-11 00:06 . 2009-11-11 00:06 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-11 00:06 . 2009-11-11 00:06 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-11 00:06 . 2009-11-11 00:06 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-11 00:06 . 2009-11-11 00:06 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-11 00:06 . 2009-11-11 00:06 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-10 20:31 . 2009-11-10 20:31 45056 ---ha-w- c:\windows\system32\BIT77C.tmp
2009-11-10 20:29 . 2009-11-10 20:29 92672 ---ha-w- c:\windows\system32\BIT775.tmp
2009-11-10 20:29 . 2009-11-10 20:29 39424 ---ha-w- c:\windows\system32\BIT774.tmp
2009-11-06 18:22 . 2009-04-01 19:43 -------- d-----w- c:\program files\Symantec
2009-11-02 22:35 . 2009-06-24 00:00 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 23:34 . 2009-10-18 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-11-01 23:21 . 2009-11-01 23:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-01 23:21 . 2009-05-22 01:08 -------- d-----w- c:\program files\Uniblue
2009-10-21 23:06 . 2008-11-21 03:20 -------- d-----w- c:\program files\Vuze
2009-10-21 23:05 . 2008-11-21 03:21 -------- d-----w- c:\documents and settings\yolanda\Application Data\Azureus
2009-10-21 22:48 . 2008-04-11 00:46 -------- d-----w- c:\program files\AIM
2009-10-21 22:48 . 2008-04-11 00:47 -------- d-----w- c:\documents and settings\yolanda\Application Data\Aim
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 03:23 . 2008-09-02 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-19 21:17 . 2009-10-19 21:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-19 21:14 . 2009-10-19 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-19 21:13 . 2009-10-19 21:13 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-19 21:13 . 2009-10-19 21:13 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-10-19 21:13 . 2009-10-19 21:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-18 23:05 . 2009-05-22 01:10 -------- d-----w- c:\documents and settings\yolanda\Application Data\uniblue
2009-10-13 22:00 . 2008-04-11 01:37 -------- d-----w- c:\program files\Yahoo!
2009-10-13 21:47 . 2007-10-16 02:14 -------- d-----w- c:\program files\Common Files\AOL
2009-09-29 00:25 . 2009-06-24 00:08 -------- d-----w- c:\documents and settings\yolanda\Application Data\Apple Computer
2009-09-25 22:41 . 2009-09-25 21:25 139004 ----a-w- c:\windows\hpoins15.dat
2009-09-25 21:37 . 2009-09-25 21:37 10134 ----a-r- c:\documents and settings\yolanda\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 17:44 . 2009-09-03 17:44 28400 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\My.Freeze.com NetAssistant\NetAssistant.dll" [2009-03-20 249856]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [2005-07-26 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^yolanda^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\yolanda\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1192500886\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1192500886\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Datatel\\UI\\wIntegSM.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/10/2009 7:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/5/2009 9:19 PM 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [9/8/2009 5:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [9/8/2009 5:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [9/8/2009 5:45 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/12/2009 5:02 PM 329592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/5/2009 9:22 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [9/8/2009 5:45 PM 117640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/5/2009 9:18 PM 358600]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/9/2009 1:55 PM 102448]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys --> c:\windows\system32\DRIVERS\TM_CFW.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:09]

2009-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-26 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.freeze.com/?AcquisitionID=a4a82f31-ae2f-40eb-b87a-ca3f8789ab30&s=&ipc=
mSearch Bar =
IE: &Search
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-26 18:47
ComboFix-quarantined-files.txt 2009-11-26 23:47
ComboFix2.txt 2009-11-26 23:12
ComboFix3.txt 2009-11-26 19:52

Pre-Run: 123,594,956,800 bytes free
Post-Run: 123,577,700,352 bytes free

- - End Of File - - CC050CD6DAE26031858FED3F755BB514

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 27 November 2009 - 07:00 AM

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 27 November 2009 - 06:10 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3245
Windows 5.1.2600 Service Pack 3

11/27/2009 6:07:04 PM
mbam-log-2009-11-27 (18-07-04).txt

Scan type: Quick Scan
Objects scanned: 106447
Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 28 November 2009 - 09:42 AM

Ok great post the Eset log when you can.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 29 November 2009 - 08:47 PM

it indicated that no corructed files were found.. did not save the information...

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:02 PM

Posted 30 November 2009 - 07:31 AM

Great how is the computer running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 yolas

yolas
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 30 November 2009 - 04:43 PM

it's great thank you so much for helping me... it's kind of slow what can I do to resolve this issue.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users