
infected please help


  • This topic is locked
21 replies to this topic

#1 fscguy


Posted 14 March 2010 - 06:40 PM

I am pretty sure I have a virus and I can't get rid of it.

Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:10 PM, on 3/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on MAIN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P43 "Auto EPSON Stylus Photo R320 Series on MAIN" /O13 "\\MAIN\EPSON1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: check-ip-changed.bat
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Extract Flash Video with Bytescout... - {F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabQuery Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\TabQuery\tabquery121.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15498 bytes

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal


 


#2 Elise


Posted 17 March 2010 - 03:49 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise




#3 fscguy


Posted 17 March 2010 - 07:07 PM

My problem is that when I do a virus scan it finds adaware.onestep but can't delete it.

OTL logfile created on: 3/17/2010 6:30:21 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\jam\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.25 Gb Total Space | 249.67 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMESDELL
Current User Name: jam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
PRC - [2010/03/01 10:50:02 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 10:50:01 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/26 08:18:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/24 23:34:15 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/01/17 11:57:51 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/17 06:59:35 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/12/12 19:31:31 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/30 15:50:21 | 003,446,088 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2008/11/05 22:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/06/12 21:29:18 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/06/06 12:04:12 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2007/04/01 07:02:22 | 000,983,040 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Sprint music manager\MEMonitor.exe
PRC - [2007/03/13 10:41:02 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\anotify.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/02/10 16:45:22 | 000,020,480 | ---- | M] (Apache Software Foundation) -- C:\OpenSA\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2004/08/04 06:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/01 19:14:38 | 000,062,824 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\TabQuery\tabquery121.exe -- (TabQuery Service)
SRV - [2010/03/01 10:50:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/09 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/02/10 16:45:22 | 000,020,480 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OpenSA\Apache2\bin\Apache.exe -- (Apache2)


========== Driver Services (SafeList) ==========

DRV - [2010/01/17 11:57:44 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/01/17 11:57:43 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/26 09:49:51 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/26 18:51:48 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2008/12/01 18:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/01 14:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/19 23:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 19:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/19 13:00:00 | 000,235,616 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/06/07 13:00:02 | 000,141,376 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/22 19:27:48 | 000,038,784 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) StudioPro audio (WDM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/03/05 06:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/06/20 15:00:38 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2006/06/20 15:00:28 | 000,021,312 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/06/20 15:00:18 | 000,039,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/06 10:39:14 | 000,283,904 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2004/10/04 06:28:38 | 000,043,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/08/04 06:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5080610
IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: performeroptimum@livejasmin.com:3.1.5.5
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.1
FF - prefs.js..extensions.enabledItems: {D591A8AF-267A-4626-AB5E-B37F643B7046}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{5D909F89-B86E-478C-91DE-A55134BFB854}: C:\Documents and Settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 23:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 08:18:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 08:18:25 | 000,000,000 | ---D | M]

[2009/06/21 13:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Extensions
[2009/06/21 13:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/16 19:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions
[2009/08/14 07:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/21 16:19:58 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009/11/21 16:41:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/01 21:25:10 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/16 19:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/30 07:11:11 | 000,000,000 | ---D | M] (TabQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D591A8AF-267A-4626-AB5E-B37F643B7046}
[2009/07/01 18:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\performeroptimum@livejasmin.com
[2008/11/22 18:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2008/10/14 12:48:28 | 000,062,872 | ---- | M] (WebEx Comminucations, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ateccli.dll
[2008/10/14 12:48:01 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/10/14 12:48:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/10/14 12:48:28 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/10/14 12:47:48 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/11/18 15:36:00 | 000,077,824 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\Mozilla Firefox\plugins\npCID.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/17 11:54:15 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery115.xml
[2010/01/30 07:11:11 | 000,002,391 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery119.xml
[2010/03/03 08:05:39 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery121.xml

O1 HOSTS File: ([2009/04/20 19:35:24 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..\Toolbar\WebBrowser: (no name) - {E55C2A00-3FF5-4C2F-A07C-A4D6314E945B} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R320 Series on MAIN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Eyeball Chat] C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe (Eyeball Networks Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\check-ip-changed.bat ()
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Extract Flash Video with Bytescout... - {F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 18:29:39 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
[2010/03/10 07:48:29 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 19:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/09/21 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/21 21:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/17 00:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2008/11/30 15:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2008/11/17 00:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/09 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2008/07/15 23:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/17 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2004/08/11 18:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/11 18:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/11 18:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jam\My Documents\*.tmp files -> C:\Documents and Settings\jam\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 18:33:38 | 001,491,820 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.sav
[2010/03/17 18:33:38 | 000,183,309 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.his.sav
[2010/03/17 18:33:38 | 000,009,794 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.del.sav
[2010/03/17 18:33:38 | 000,003,316 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\history.sav
[2010/03/17 18:33:38 | 000,001,817 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\schedules.sav
[2010/03/17 18:33:38 | 000,001,563 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\sites.sav
[2010/03/17 18:33:38 | 000,000,782 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\dlmgrsi.sav
[2010/03/17 18:33:38 | 000,000,387 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\groups.sav
[2010/03/17 18:33:38 | 000,000,032 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\mctasks.sav
[2010/03/17 18:33:38 | 000,000,024 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\spider.sav
[2010/03/17 18:33:38 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\uploads.1.sav
[2010/03/17 18:29:56 | 025,537,812 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv.part
[2010/03/17 18:29:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv
[2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
[2010/03/17 18:16:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\ipresub.job
[2010/03/17 17:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 14:38:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/16 22:39:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 16:20:39 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\jam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 16:20:29 | 038,714,173 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\dt1.wmv
[2010/03/16 16:09:53 | 000,033,019 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\dt1(1).wmv
[2010/03/16 16:08:48 | 102,790,594 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\DU-WICHSER-04.rar
[2010/03/16 15:55:56 | 253,226,314 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\Codi_Milo_3.avi
[2010/03/15 21:53:54 | 081,679,463 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\403.rar
[2010/03/15 09:49:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/15 07:30:50 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 07:30:50 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 07:30:50 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 07:28:28 | 000,039,893 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/15 07:27:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/15 07:26:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 07:26:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 07:24:47 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\jam\ntuser.dat
[2010/03/15 07:24:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jam\ntuser.ini
[2010/03/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/14 01:22:24 | 081,679,313 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\Can You Cum Before Bikini Goddess Remi Catches You And Humilates (www.jerkfix.com).wmv
[2010/03/13 20:28:41 | 000,033,039 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LL_SchlGrl_JO.wmv
[2010/03/13 17:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/10 14:07:18 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2010/03/06 02:00:42 | 041,327,028 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LexiL.wmv
[2010/03/06 01:24:42 | 058,698,455 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\Kendra.F.wmv
[2010/03/03 08:21:35 | 004,573,623 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\ngCD13_trailer.wmv
[2010/03/02 18:40:39 | 004,885,641 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\hogKJ02_trailer.wmv
[2010/03/01 20:30:19 | 092,040,833 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\05kenstrip.wmv
[2010/03/01 19:51:07 | 125,896,059 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\countdowntocumeatingforcedhigh.wmv
[2010/03/01 19:37:08 | 068,639,447 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LyneStrokeItCommand.wmv
[2010/03/01 19:36:26 | 142,463,993 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\369.rar
[2010/03/01 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/27 03:30:20 | 009,758,222 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WB13060918.wmv
[2010/02/27 03:29:24 | 009,397,180 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WB13060912.wmv
[2010/02/27 03:15:39 | 006,079,991 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WBOnAirDare-ChelseaSnot.wmv
[2010/02/27 02:40:08 | 094,442,613 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\isohump.wmv
[2010/02/27 02:24:46 | 000,033,201 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\isohump.wmv
[2010/02/24 04:00:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 13:48:17 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\jam\Start Menu\Programs\Startup\Webshots.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jam\My Documents\*.tmp files -> C:\Documents and Settings\jam\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kerorufe
[2010/03/17 18:29:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv
[2010/03/17 18:29:44 | 019,901,716 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv.part
[2010/03/16 16:09:52 | 000,033,019 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\dt1(1).wmv
[2010/03/16 16:09:15 | 102,904,295 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\genie105_HQ-countdown.wmv
[2010/03/16 16:05:16 | 081,679,313 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Can You Cum Before Bikini Goddess Remi Catches You And Humilates (www.jerkfix.com).wmv
[2010/03/16 15:50:01 | 102,790,594 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\DU-WICHSER-04.rar
[2010/03/16 15:49:45 | 038,714,173 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\dt1.wmv
[2010/03/16 15:47:41 | 253,226,314 | -H-- | C] () -- C:\Documents and Settings\jam\My Documents\Codi_Milo_3.avi
[2010/03/15 21:48:36 | 081,679,463 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\403.rar
[2010/03/13 20:28:41 | 000,033,039 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LL_SchlGrl_JO.wmv
[2010/03/06 01:53:16 | 041,327,028 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LexiL.wmv
[2010/03/06 01:14:13 | 058,698,455 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Kendra.F.wmv
[2010/03/03 08:21:09 | 004,573,623 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\ngCD13_trailer.wmv
[2010/03/02 18:40:15 | 004,885,641 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\hogKJ02_trailer.wmv
[2010/03/01 23:59:27 | 142,463,853 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Tara - Follow My Direction For A Masturbation Marathon (www.jerkfix.com).wmv
[2010/03/01 20:12:51 | 092,040,833 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\05kenstrip.wmv
[2010/03/01 19:30:00 | 068,639,447 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LyneStrokeItCommand.wmv
[2010/03/01 19:29:10 | 125,896,059 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\countdowntocumeatingforcedhigh.wmv
[2010/03/01 19:18:20 | 142,463,993 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\369.rar
[2010/02/27 03:29:12 | 009,758,222 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WB13060918.wmv
[2010/02/27 03:28:18 | 009,397,180 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WB13060912.wmv
[2010/02/27 03:14:57 | 006,079,991 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WBOnAirDare-ChelseaSnot.wmv
[2010/02/27 02:24:57 | 094,442,613 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\isohump.wmv
[2010/02/27 02:24:45 | 000,033,201 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\isohump.wmv
[2010/02/23 23:12:47 | 106,815,574 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Redlight-Greenlight.m4v
[2008/12/31 19:28:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/29 21:54:22 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/12/28 17:12:31 | 000,002,395 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/18 19:55:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/12 19:26:23 | 000,000,000 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe.bak
[2008/12/12 19:26:23 | 000,000,000 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe
[2008/12/12 19:26:01 | 000,001,230 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe.sdm
[2008/12/05 19:12:52 | 000,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/05 19:12:51 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/30 15:49:04 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/11/30 15:49:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/10/12 18:04:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/10/07 17:55:15 | 000,000,217 | ---- | C] () -- C:\WINDOWS\QScreenCapt.ini
[2008/07/30 17:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/20 20:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/20 20:18:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/20 20:18:37 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008/06/12 20:34:17 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\jam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 19:08:47 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jam\Local Settings\Application Data\fusioncache.dat
[2008/06/09 23:00:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/09 22:43:49 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2008/06/09 22:42:36 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/06/09 22:24:05 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/06/09 22:22:42 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/09/22 13:12:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:52 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2004/08/11 18:00:29 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/11 18:00:29 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 18:00:21 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/11 18:00:18 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2003/02/10 16:30:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\libintl.dll
[2003/02/10 16:28:48 | 000,253,952 | ---- | C] () -- C:\WINDOWS\sablot.dll
[2003/02/10 16:28:24 | 000,114,688 | ---- | C] () -- C:\WINDOWS\libexpat.dll
[2003/02/10 16:21:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\localcharset.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
< End of report >

OTL Extras logfile created on: 3/17/2010 6:30:21 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\jam\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.25 Gb Total Space | 249.67 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMESDELL
Current User Name: jam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1213745417\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1213745417\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager -- (Xi)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\OpenSA\Apache2\bin\Apache.exe" = C:\OpenSA\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Perl\bin\perl.exe" = C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter -- (ActiveState, a division of Sophos)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\jam\Local Settings\temp\7zSBB.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\jam\Local Settings\temp\7zSBB.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{010AC47F-F7E5-4B82-990C-E5E76E9D8E9D}" = Shell Racing Game
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}" = ActivePerl 5.8.3 Build 809
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{58F33687-EE1F-FE06-AC2B-6858503C33F2}" = Quick Hit - Football
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{919B9228-CEBF-418C-BCF5-A1BA043504F4}" = OpenSA web server 2
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E55C2A00-3FF5-4C2F-A07C-A4D6314E945B}" = Mirar
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVI Splitter_is1" = AVI Splitter
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Banner Maker Pro 7_is1" = Banner Maker Pro Version 7
"Camfrog 5.3" = Camfrog Video Chat 5.3
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EsetOnlineScanner" = ESET Online Scanner
"ExpertGPS_is1" = ExpertGPS 2.9.5
"Eyeball Chat 2.2" = Eyeball Chat 2.2
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HiDownload_is1" = HiDownload
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MPEG Converter" = MPEG Converter
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"myibay eBay bid sniper_is1" = myibay eBay bid sniper 1.0.37
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.57.399
"Picasa 3" = Picasa 3
"Prism" = Prism Video Converter
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SkypeCap_is1" = SkypeCap
"SprintMusicManagerA" = Sprint music manager
"TabQuery" = TabQuery 1.0 build 121
"TIMELEFT3_is1" = TimeLeft
"tintii" = indii.org/tintii
"Total Video Player 1.03_is1" = Total Video Player 1.03
"UnityWebPlayer" = Unity Web Player
"VidCrop_is1" = VidCrop
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:37 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 6:39:37 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/14/2010 9:43:22 PM | Computer Name = JAMESDELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2072 (0x818) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\jam\My
Documents\New Folder\jeep_mm_setup_gc.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ OSession Events ]
Error - 4/13/2009 7:57:44 PM | Computer Name = JAMESDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 168406
seconds with 180 seconds of active time. This session ended with a crash.

Error - 4/20/2009 7:22:52 PM | Computer Name = JAMESDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84843
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/6/2010 7:11:33 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2

Error - 3/6/2010 7:11:33 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.

Error - 3/6/2010 7:13:06 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/7/2010 8:22:23 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2

Error - 3/7/2010 8:22:23 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.

Error - 3/7/2010 8:23:45 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/14/2010 9:44:05 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/15/2010 7:26:10 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2

Error - 3/15/2010 7:26:10 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.

Error - 3/15/2010 7:27:36 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-03-17 19:59:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB05280B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB046B78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB046B837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB046B863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB046B8D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB046B8BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB046B7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB046B8FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB046B80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB046B710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB046B724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB046B79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB046B939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB046B8A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB046B88F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB046B84D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB046B925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB046B911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB046B776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB046B762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB046B7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB046B8E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB046B7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB046B7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504ABC 7 Bytes JMP B046B7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F8E 5 Bytes JMP B046B78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E34 7 Bytes JMP B046B7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C42 5 Bytes JMP B046B7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7218 7 Bytes JMP B046B7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA156 5 Bytes JMP B046B714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3E2 5 Bytes JMP B046B728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCBA0 5 Bytes JMP B046B766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0436 5 Bytes JMP B046B77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1680 5 Bytes JMP B046B7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80620660 7 Bytes JMP B046B893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806209AE 5 Bytes JMP B046B915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620F2E 7 Bytes JMP B046B8EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621774 7 Bytes JMP B046B8A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FCC 7 Bytes JMP B046B851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A36 7 Bytes JMP B046B83B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C06 7 Bytes JMP B046B867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE6 7 Bytes JMP B046B8D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80623050 7 Bytes JMP B046B8BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8062393C 5 Bytes JMP B046B811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623C60 7 Bytes JMP B046B93D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80624186 5 Bytes JMP B046B929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806242A0 5 Bytes JMP B046B901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00630F85
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00630084
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00630073
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00630FC0
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00630047
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00630F5E
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006300B0
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006300F7
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006300DC
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00630108
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00630062
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00630095
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006300CB
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0036
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B001B
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007B0080
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007B0065
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008300A7
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0083008C
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830FA8
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0083005B
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083002F
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008300E9
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008300C2
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008300FA
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00830F61
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00830F46
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0083004A
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00830FDE
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00830F97
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00830014
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00830FC3
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00830F7C
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00820F68
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0082001B
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00820F83
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00820000
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00820F9E
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ A2, 88 ]
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00820FB9
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A004E
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F59
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F74
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A003D
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F2D
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0069
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F01
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0EE6
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F3E
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F1C
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9B
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 002C002C
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 002C0FCF
.text C:\WINDOWS\Explorer.EXE[752] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 013D0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A60F5C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F77
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60051
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60F94
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A6002C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A600A4
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60093
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60F1C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F37
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A60F01
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A60FDB
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A60FC0
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A600B5
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01260F9E
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01260F61
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01260FB9
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01260FCA
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0126001E
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01260FE5
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01260F72
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 46, 89 ]
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01260F83
.text C:\WINDOWS\system32\services.exe[1060] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E40056
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E40F61
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E40F72
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E40084
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E40067
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E40EFC
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E40F17
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E400A6
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E40F83
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E40F46
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E40FC3
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E40095
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F4006C
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F4005B
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00F4004A
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F40039
.text C:\WINDOWS\system32\lsass.exe[1072] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0091006A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00910F75
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00910F86
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00910F97
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00910039
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009100A9
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00910098
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00910F2B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00910F3C
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009100DF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00910FB2
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0091007B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00910FCD
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009100BA
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00940022
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00940069
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00940011
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00940FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00940058
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00940FB6
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ B4, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0094003D
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A80F5C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A80051
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A80F83
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A80F94
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A80FCA
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A80F3F
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A80087
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A800BD
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A800AC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A800CE
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A80FA5
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A8001B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A8006C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A80FDB
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A8002C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A80F2E
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0FCD
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0068
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00AB004D
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00AB0FA1
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ CB, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00AB0FBC
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02480FEF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02480F6D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02480062
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02480047
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02480F8A
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02480FB6
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0248009F
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0248008E
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024800D5
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02480F3C
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 024800F0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02480FA5
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02480000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02480073
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02480022
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02480011
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024800BA
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024C0FA8
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024C0F7C
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024C0FB9
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024C0FCA
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 024C0039
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 024C0028
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 024C0F97
.text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02490FEF
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 024A0FDE
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 024A0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 024A0FCD
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 024A0FBC
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00780F6D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00780F7E
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00780062
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00780F48
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00780090
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00780F2D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007800C6
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00780F12
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00780051
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00780073
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007800AB
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0FAF
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F8A
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FDB
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007F0047
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00990FE5
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00990F6D
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00990062
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00990F94
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00990040
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00990F37
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00990F48
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009900BF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009900A4
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009900D0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00990FAF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00990FCA
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00990073
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00990F26
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FD1
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0073
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0022
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0011
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009C0FAC
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 009C004E
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009C003D
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F7C
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00700F8D
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00700FA8
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00700065
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00700FC3
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00700F50
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00700098
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00700F13
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F24
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007000C7
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0070004A
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00700F61
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00700F3F
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0025
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006F005B
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 006F004A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\System32\svchost.exe[2248] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F68
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0070005D
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0070004C
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00700F83
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00700F4B
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00700093
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007000C9
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F26
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007000DA
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00700F94
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00700082
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007000A4
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F009B
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F002C
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F001B
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006F0076
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 8F, 88 ]
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006F0051
.text C:\WINDOWS\System32\svchost.exe[2280] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0000
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F77
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60F92
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60051
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A60F4B
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60F5C
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60EFA
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F15
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A60EE9
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A60036
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A60087
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A60025
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A60F30
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50F8D
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00A50040
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B009A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0089
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B006E
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F65
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00AB
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F2F
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F4A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B00ED
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B00C8
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 4B, 88 ]
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F8B
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A008A
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A006F
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F5F
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A7
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F2C
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F3D
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A00E0
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F70
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F4E
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029002C
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290062
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00290051
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00290FA5
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00290FC0
.text C:\WINDOWS\system32\svchost.exe[4972] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00BC0FB9

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat 9EA6BC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:29 AM

Posted 18 March 2010 - 02:43 AM

Hello fscguy,

P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#5 fscguy


Posted 19 March 2010 - 05:22 PM

I had to attach the log because it wouldn't allow me to copy the whole thing to a single post.

Attached File  ComboFix.txt   300.33KB   15 downloads

#6 Elise


Posted 20 March 2010 - 04:52 AM

Please also post the log you'll find at c:\qoobox\combofix5.txt

regards, Elise


#7 fscguy


Posted 20 March 2010 - 11:22 AM

ComboFix 09-01-07.01 - jam 2009-01-07 17:47:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2583 [GMT -5:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jam\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BMb738d35f.txt
c:\windows\cookies.ini
c:\windows\system32\MPG4C32.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-05 06:31 . 2009-01-05 06:31 <DIR> d-------- c:\windows\LastGood
2009-01-03 15:41 . 2009-01-03 15:41 <DIR> d-------- c:\program files\Ascentive
2009-01-03 15:41 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-01-03 15:41 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-01-03 15:41 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-01-03 15:41 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2008-12-31 18:29 . 2008-12-31 18:30 27,265,566 --a------ C:\12302008-232738.wmv
2008-12-31 18:29 . 2008-12-31 18:49 5 --a------ c:\windows\system32\SySAVI2WMV.dat
2008-12-31 18:28 . 2008-12-31 18:28 <DIR> d-------- c:\program files\ezvideotools.com
2008-12-31 18:24 . 2008-12-31 18:25 <DIR> d-------- c:\program files\MPEG Converter
2008-12-31 18:24 . 2003-09-23 18:31 794,624 --a------ c:\windows\system32\mpgfiltr.ax
2008-12-31 18:24 . 2003-10-07 22:15 348,160 --a------ c:\windows\system32\axVideoConvert.dll
2008-12-31 18:24 . 2002-07-09 22:42 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-31 17:33 . 2008-12-31 17:33 76,056 --a------ C:\img2-001.raw
2008-12-30 21:01 . 2008-12-30 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\EyePowerGames
2008-12-29 22:23 . 2009-01-02 21:49 <DIR> d-------- c:\documents and settings\jam\Application Data\HPAppData
2008-12-29 20:54 . 2007-04-10 16:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-12-29 20:54 . 2007-04-10 16:46 709,992 --a------ c:\windows\vVX3000.exe
2008-12-29 20:54 . 2007-04-10 16:46 476,520 --a------ c:\windows\vVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-12-29 20:54 . 2007-04-10 16:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 111,976 --a------ c:\windows\VX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 15,498 --a------ c:\windows\VX3000.ini
2008-12-29 20:54 . 2007-04-10 16:46 13,023 --a------ c:\windows\VX3000.src
2008-12-29 20:53 . 2008-12-29 20:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-12-29 03:00 . 2008-12-29 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-28 16:57 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\jam\Application Data\HP
2008-12-28 16:48 . 2008-12-28 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-28 16:46 . 2008-12-28 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-28 16:46 . 2007-11-06 21:10 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-28 16:46 . 2007-12-03 18:57 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-28 16:45 . 2007-10-31 05:35 729,088 -ra------ c:\windows\system32\hpwwiax4.dll
2008-12-28 16:45 . 2007-10-31 05:35 593,920 -ra------ c:\windows\system32\hpwtscl3.dll
2008-12-28 16:45 . 2007-01-17 11:37 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-28 16:45 . 2007-01-17 11:37 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-28 16:45 . 2007-01-17 11:31 294,912 -ra------ c:\windows\system32\hpovst11.dll
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 16:29 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\HP
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-28 16:25 . 2008-12-28 16:47 178,379 --a------ c:\windows\hpwins20.dat
2008-12-28 16:25 . 2008-01-08 07:42 2,428 -ra------ c:\windows\hpwmdl20.dat
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\windows\yellowtail+1
2008-12-28 16:15 . 2008-12-28 16:29 <DIR> d-------- c:\program files\HP
2008-12-28 16:15 . 2007-11-06 21:04 1,373,528 -ra------ c:\windows\hpzshl01.exe
2008-12-28 16:15 . 2007-11-06 21:15 1,140,056 -ra------ c:\windows\hpzmsi01.exe
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-28 16:15 . 2008-01-08 07:44 12,054 -ra------ c:\windows\hpwscr20.dat
2008-12-28 15:31 . 2008-12-28 15:31 0 --a------ c:\windows\ativpsrm.bin
2008-12-28 15:29 . 2008-12-28 15:29 <DIR> d-------- C:\ATI
2008-12-26 17:51 . 2008-12-31 17:37 <DIR> d-------- c:\program files\SplitCam
2008-12-26 17:51 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-12-26 17:51 . 2008-12-26 17:51 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-12-24 22:11 . 2008-12-30 23:14 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-22 17:25 . 2008-12-22 17:25 <DIR> d-------- c:\program files\innoheim
2008-12-22 17:23 . 2008-12-22 17:23 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\program files\SkypeCap
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\documents and settings\jam\Application Data\SkypeCap
2008-12-21 16:43 . 2008-12-21 16:43 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-12-18 18:55 . 2008-12-18 18:55 25 --a------ c:\windows\cdplayer.ini
2008-12-16 23:49 . 2008-12-16 23:49 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2008-12-13 12:11 . 2008-12-13 12:11 <DIR> d-------- c:\program files\Unity
2008-12-12 18:31 . 2008-12-12 18:31 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 18:26 . 2008-12-12 18:29 0 --------- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 18:25 . 2008-12-12 18:29 <DIR> d-------- c:\documents and settings\jam\.SunDownloadManager
2008-12-12 03:00 . 2008-12-12 03:03 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Skype
2009-01-07 21:03 --------- d-----w c:\documents and settings\jam\Application Data\skypePM
2009-01-07 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 11:31 --------- d-----w c:\program files\McAfee
2009-01-03 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-28 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-28 20:56 --------- d-----w c:\program files\Virtual Earth 3D
2008-12-28 20:11 --------- d-----w c:\program files\Google
2008-12-25 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-16 04:26 --------- d-----w c:\program files\FlashGet
2008-12-12 23:34 --------- d-----w c:\program files\Java
2008-12-12 23:26 1,230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\dllcache\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\dllcache\ati3duag.dll
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\dllcache\ativvaxx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 19:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-30 19:50 --------- d-----w c:\program files\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\agi
2008-11-30 19:49 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-30 19:49 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 19:49 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 19:49 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-11-30 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-11-30 19:48 --------- d-----w c:\program files\AGI
2008-11-29 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-23 01:02 --------- d-----w c:\program files\Common Files\Skype
2008-11-23 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-22 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Yahoo!
2008-11-22 22:23 --------- d-----w c:\program files\TimeLeft3
2008-11-22 22:23 --------- d-----w c:\program files\Skyworks Interactive
2008-11-22 22:23 --------- d-----w c:\program files\myibay
2008-11-22 22:23 --------- d-----w c:\program files\GeoVid
2008-11-22 22:23 --------- d-----w c:\program files\Bonjour
2008-11-22 22:23 --------- d-----w c:\documents and settings\jam\Application Data\NesterSoft
2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
2008-11-22 22:20 --------- d-----w c:\program files\Skype
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft(2)
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft
2008-11-22 22:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 19:06 --------- d-----w c:\program files\Yahoo!
2008-11-22 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 23:06 --------- d-----w c:\documents and settings\jam\Application Data\.myibay
2008-11-10 23:04 --------- d-----w c:\program files\eBay Auction Sniper and Auto Search
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-21 17:40 81,920 ----a-w c:\windows\system32\ATIODE.exe
2008-10-21 17:40 45,056 ----a-w c:\windows\system32\ATIODCLI.exe
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2(2).dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\netapi32(4).dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\netapi32(3).dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-06-24 00:54 61,224 ----a-w c:\documents and settings\jam\GoToAssistDownloadHelper.exe
2008-10-14 16:48 62,872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-06-14 15:56 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" [2002-10-11 2863176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Performance Center"="c:\program files\Ascentive\Performance Center\APCMain.exe" [2008-08-13 3244032]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-08-21 2093056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-12 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2008-10-15 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-07-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-09 21:54 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-06 11:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-10-14 09:17 45056 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-03 00:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 15:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 09:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 12:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1213745417\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
-ra------ 2007-05-08 12:00 36864 c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 11:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-12 20:29 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
--a------ 2006-11-08 15:01 49152 c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-25 10:57 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-06 283904]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-06-09 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-06-09 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-06-09 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-06-09 31616]
R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-11-30 10240]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-06-12 24652]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-04 43392]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-06-22 38784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S4 0302641231155080mcinstcleanup;McAfee Application Installer Cleanup (0302641231155080);c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys --> c:\windows\system32\DRIVERS\StudioPro.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-07 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-02 23:29]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20)
MSConfigStartUp-b40be0c3 - c:\windows\system32\wuietjop.dll
MSConfigStartUp-BMb738d35f - c:\windows\system32\oumxdixd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 17:48:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-01-07 17:49:43
ComboFix-quarantined-files.txt 2009-01-07 22:49:41

Pre-Run: 308,281,171,968 bytes free
Post-Run: 308,423,561,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

429 --- E O F --- 2008-12-29 08:00:44
ComboFix 09-01-07.01 - jam 2009-01-07 19:34:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2614 [GMT -5:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jam\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\CT4CET.bin
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\LCCoin14.dll
c:\windows\system32\oumxdixd.dll
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\SysRestore.dll
c:\windows\system32\wuietjop.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\agi
c:\program files\agi\common\agcutils.dll
c:\program files\agi\common\bootstrapper.exe
c:\program files\agi\common\common.zip
c:\program files\agi\common\comtypes\__init__.py
c:\program files\agi\common\comtypes\__init__.pyc
c:\program files\agi\common\comtypes\_comobject.py
c:\program files\agi\common\comtypes\_comobject.pyc
c:\program files\agi\common\comtypes\_meta.py
c:\program files\agi\common\comtypes\_meta.pyc
c:\program files\agi\common\comtypes\_safearray.py
c:\program files\agi\common\comtypes\_safearray.pyc
c:\program files\agi\common\comtypes\automation.py
c:\program files\agi\common\comtypes\automation.pyc
c:\program files\agi\common\comtypes\client\__init__.py
c:\program files\agi\common\comtypes\client\__init__.pyc
c:\program files\agi\common\comtypes\client\_events.py
c:\program files\agi\common\comtypes\client\_events.pyc
c:\program files\agi\common\comtypes\client\_generate.py
c:\program files\agi\common\comtypes\client\_generate.pyc
c:\program files\agi\common\comtypes\client\dynamic.py
c:\program files\agi\common\comtypes\client\dynamic.pyc
c:\program files\agi\common\comtypes\connectionpoints.py
c:\program files\agi\common\comtypes\connectionpoints.pyc
c:\program files\agi\common\comtypes\errorinfo.py
c:\program files\agi\common\comtypes\errorinfo.pyc
c:\program files\agi\common\comtypes\gen\__init__.py
c:\program files\agi\common\comtypes\gen\__init__.pyc
c:\program files\agi\common\comtypes\gen\_00020430_0000_0000_C000_000000000046_0_2_0.py
c:\program files\agi\common\comtypes\git.py
c:\program files\agi\common\comtypes\GUID.py
c:\program files\agi\common\comtypes\GUID.pyc
c:\program files\agi\common\comtypes\hresult.py
c:\program files\agi\common\comtypes\hresult.pyc
c:\program files\agi\common\comtypes\logutil.py
c:\program files\agi\common\comtypes\messageloop.py
c:\program files\agi\common\comtypes\messageloop.pyc
c:\program files\agi\common\comtypes\partial.py
c:\program files\agi\common\comtypes\partial.pyc
c:\program files\agi\common\comtypes\persist.py
c:\program files\agi\common\comtypes\safearray.py
c:\program files\agi\common\comtypes\safearray.pyc
c:\program files\agi\common\comtypes\server\__init__.py
c:\program files\agi\common\comtypes\server\__init__.pyc
c:\program files\agi\common\comtypes\server\automation.py
c:\program files\agi\common\comtypes\server\automation.pyc
c:\program files\agi\common\comtypes\server\connectionpoints.py
c:\program files\agi\common\comtypes\server\inprocserver.py
c:\program files\agi\common\comtypes\server\inprocserver.pyc
c:\program files\agi\common\comtypes\server\localserver.py
c:\program files\agi\common\comtypes\server\localserver.pyc
c:\program files\agi\common\comtypes\server\register.py
c:\program files\agi\common\comtypes\server\register.pyc
c:\program files\agi\common\comtypes\server\w_getopt.py
c:\program files\agi\common\comtypes\server\w_getopt.pyc
c:\program files\agi\common\comtypes\tools\__init__.py
c:\program files\agi\common\comtypes\tools\codegenerator.py
c:\program files\agi\common\comtypes\tools\tlbparser.py
c:\program files\agi\common\comtypes\tools\typedesc.py
c:\program files\agi\common\comtypes\tools\typedesc_base.py
c:\program files\agi\common\comtypes\typeinfo.py
c:\program files\agi\common\comtypes\typeinfo.pyc
c:\program files\agi\common\comtypes\util.py
c:\program files\agi\common\configobj.py
c:\program files\agi\common\configobj.pyc
c:\program files\agi\common\dateutil\__init__.py
c:\program files\agi\common\dateutil\__init__.pyc
c:\program files\agi\common\dateutil\easter.py
c:\program files\agi\common\dateutil\parser.py
c:\program files\agi\common\dateutil\parser.pyc
c:\program files\agi\common\dateutil\relativedelta.py
c:\program files\agi\common\dateutil\relativedelta.pyc
c:\program files\agi\common\dateutil\rrule.py
c:\program files\agi\common\dateutil\tz.py
c:\program files\agi\common\dateutil\tz.pyc
c:\program files\agi\common\dateutil\tzwin.py
c:\program files\agi\common\dateutil\tzwin.pyc
c:\program files\agi\common\dateutil\zoneinfo\__init__.py
c:\program files\agi\common\dateutil\zoneinfo\zoneinfo-2005q.tar.gz
c:\program files\agi\common\dependencies.zip
c:\program files\agi\common\Microsoft.VC80.CRT.manifest
c:\program files\agi\common\msvcp80.dll
c:\program files\agi\common\msvcr80.dll
c:\program files\agi\common\pyagcore\__init__.pyc
c:\program files\agi\common\pyagcore\agservice.pyc
c:\program files\agi\common\pyagcore\config\__init__.pyc
c:\program files\agi\common\pyagcore\config\appconfig.pyc
c:\program files\agi\common\pyagcore\config\config.pyc
c:\program files\agi\common\pyagcore\cookieutil.pyc
c:\program files\agi\common\pyagcore\install\__init__.pyc

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AGWINSERVICE
-------\Service_AGWinService


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-05 06:31 . 2009-01-05 06:31 <DIR> d-------- c:\windows\LastGood.Tmp
2009-01-03 15:41 . 2009-01-03 15:41 <DIR> d-------- c:\program files\Ascentive
2009-01-03 15:41 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-12-31 18:29 . 2008-12-31 18:30 27,265,566 --a------ C:\12302008-232738.wmv
2008-12-31 18:28 . 2008-12-31 18:28 <DIR> d-------- c:\program files\ezvideotools.com
2008-12-31 18:24 . 2008-12-31 18:25 <DIR> d-------- c:\program files\MPEG Converter
2008-12-31 18:24 . 2003-09-23 18:31 794,624 --a------ c:\windows\system32\mpgfiltr.ax
2008-12-31 18:24 . 2003-10-07 22:15 348,160 --a------ c:\windows\system32\axVideoConvert.dll
2008-12-31 18:24 . 2002-07-09 22:42 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-31 17:33 . 2008-12-31 17:33 76,056 --a------ C:\img2-001.raw
2008-12-30 21:01 . 2008-12-30 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\EyePowerGames
2008-12-29 22:23 . 2009-01-02 21:49 <DIR> d-------- c:\documents and settings\jam\Application Data\HPAppData
2008-12-29 20:54 . 2007-04-10 16:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-12-29 20:54 . 2007-04-10 16:46 709,992 --a------ c:\windows\vVX3000.exe
2008-12-29 20:54 . 2007-04-10 16:46 476,520 --a------ c:\windows\vVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 111,976 --a------ c:\windows\VX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 15,498 --a------ c:\windows\VX3000.ini
2008-12-29 20:54 . 2007-04-10 16:46 13,023 --a------ c:\windows\VX3000.src
2008-12-29 20:53 . 2008-12-29 20:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-12-29 03:00 . 2008-12-29 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-28 16:57 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\jam\Application Data\HP
2008-12-28 16:48 . 2008-12-28 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-28 16:46 . 2008-12-28 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-28 16:46 . 2007-11-06 21:10 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-28 16:46 . 2007-12-03 18:57 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-28 16:45 . 2007-10-31 05:35 729,088 -ra------ c:\windows\system32\hpwwiax4.dll
2008-12-28 16:45 . 2007-10-31 05:35 593,920 -ra------ c:\windows\system32\hpwtscl3.dll
2008-12-28 16:45 . 2007-01-17 11:37 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-28 16:45 . 2007-01-17 11:37 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-28 16:45 . 2007-01-17 11:31 294,912 -ra------ c:\windows\system32\hpovst11.dll
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 16:29 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\HP
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-28 16:25 . 2008-12-28 16:47 178,379 --a------ c:\windows\hpwins20.dat
2008-12-28 16:25 . 2008-01-08 07:42 2,428 -ra------ c:\windows\hpwmdl20.dat
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\windows\yellowtail+1
2008-12-28 16:15 . 2008-12-28 16:29 <DIR> d-------- c:\program files\HP
2008-12-28 16:15 . 2007-11-06 21:04 1,373,528 -ra------ c:\windows\hpzshl01.exe
2008-12-28 16:15 . 2007-11-06 21:15 1,140,056 -ra------ c:\windows\hpzmsi01.exe
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-28 16:15 . 2008-01-08 07:44 12,054 -ra------ c:\windows\hpwscr20.dat
2008-12-28 15:31 . 2008-12-28 15:31 0 --a------ c:\windows\ativpsrm.bin
2008-12-28 15:29 . 2008-12-28 15:29 <DIR> d-------- C:\ATI
2008-12-26 17:51 . 2008-12-31 17:37 <DIR> d-------- c:\program files\SplitCam
2008-12-26 17:51 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-12-26 17:51 . 2008-12-26 17:51 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-12-24 22:11 . 2008-12-30 23:14 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-22 17:25 . 2008-12-22 17:25 <DIR> d-------- c:\program files\innoheim
2008-12-22 17:23 . 2008-12-22 17:23 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\program files\SkypeCap
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\documents and settings\jam\Application Data\SkypeCap
2008-12-21 16:43 . 2008-12-21 16:43 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-12-18 18:55 . 2008-12-18 18:55 25 --a------ c:\windows\cdplayer.ini
2008-12-16 23:49 . 2008-12-16 23:49 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2008-12-13 12:11 . 2008-12-13 12:11 <DIR> d-------- c:\program files\Unity
2008-12-12 18:31 . 2008-12-12 18:31 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 18:26 . 2008-12-12 18:29 0 --------- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 18:25 . 2008-12-12 18:29 <DIR> d-------- c:\documents and settings\jam\.SunDownloadManager
2008-12-12 03:00 . 2008-12-12 03:03 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 00:31 --------- d-----w c:\documents and settings\jam\Application Data\Skype
2009-01-07 23:16 --------- d-----w c:\documents and settings\jam\Application Data\skypePM
2009-01-07 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 11:31 --------- d-----w c:\program files\McAfee
2009-01-03 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-28 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-28 20:56 --------- d-----w c:\program files\Virtual Earth 3D
2008-12-28 20:11 --------- d-----w c:\program files\Google
2008-12-25 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-16 04:26 --------- d-----w c:\program files\FlashGet
2008-12-12 23:34 --------- d-----w c:\program files\Java
2008-12-12 23:26 1,230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-11-30 19:50 --------- d-----w c:\program files\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\agi
2008-11-30 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-11-29 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-23 01:02 --------- d-----w c:\program files\Common Files\Skype
2008-11-23 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-22 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Yahoo!
2008-11-22 22:23 --------- d-----w c:\program files\TimeLeft3
2008-11-22 22:23 --------- d-----w c:\program files\Skyworks Interactive
2008-11-22 22:23 --------- d-----w c:\program files\myibay
2008-11-22 22:23 --------- d-----w c:\program files\GeoVid
2008-11-22 22:23 --------- d-----w c:\program files\Bonjour
2008-11-22 22:23 --------- d-----w c:\documents and settings\jam\Application Data\NesterSoft
2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
2008-11-22 22:20 --------- d-----w c:\program files\Skype
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft(2)
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft
2008-11-22 22:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 19:06 --------- d-----w c:\program files\Yahoo!
2008-11-22 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 23:06 --------- d-----w c:\documents and settings\jam\Application Data\.myibay
2008-11-10 23:04 --------- d-----w c:\program files\eBay Auction Sniper and Auto Search
2008-06-24 00:54 61,224 ----a-w c:\documents and settings\jam\GoToAssistDownloadHelper.exe
2008-10-14 16:48 62,872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\yellowtail+1 ----

2007-06-08 08:12 477 -ra------ c:\windows\yellowtail+1\scrub2k.ini
2007-05-09 06:07 65536 -ra------ c:\windows\yellowtail+1\scrub2k.exe


((((((((((((((((((((((((((((( snapshot@2009-01-07_17.49.03.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-07 19:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 23:09:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 19:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 23:09:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 00:39:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" [2002-10-11 2863176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2008-08-13 3244032]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-08-21 2093056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-12 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2008-10-15 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-07-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-09 21:54 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-06 11:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-10-14 09:17 45056 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-03 00:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 15:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 09:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 12:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1213745417\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
-ra------ 2007-05-08 12:00 36864 c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 11:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-12 20:29 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
--a------ 2006-11-08 15:01 49152 c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-25 10:57 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-06 283904]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-06-09 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-06-09 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-06-09 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-06-09 31616]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-06-12 24652]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-04 43392]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-06-22 38784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S4 0302641231155080mcinstcleanup;McAfee Application Installer Cleanup (0302641231155080);c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys --> c:\windows\system32\DRIVERS\StudioPro.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0302641231155080MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-08 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-02 23:29]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:39:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\opensa\Apache2\bin\Apache.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\opensa\Apache2\bin\Apache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\hh.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\Webshots\Webshots.scr
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\MOZILL~1\firefox.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-01-07 19:44:58 - machine was rebooted [jam]
ComboFix-quarantined-files.txt 2009-01-08 00:44:55
ComboFix2.txt 2009-01-07 22:49:44

Pre-Run: 308,470,177,792 bytes free
Post-Run: 308,369,235,968 bytes free

1157 --- E O F --- 2008-12-29 08:00:44


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:29 AM

Posted 20 March 2010 - 11:35 AM

Hello again,

Which scanner detects the Onestep adware?

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#9 fscguy


Posted 20 March 2010 - 04:50 PM

McAfee was showing the adware.onestep.


here is my log

Malwarebytes' Anti-Malware 1.44
Database version: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/20/2010 5:27:07 PM
mbam-log-2010-03-20 (17-27-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 245762
Time elapsed: 55 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tabquery (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\myibay\unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\TabQuery\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Streaming Music - MediaPass.lnk (Adware.Trace) -> Quarantined and deleted successfully.


#10 Elise


Posted 20 March 2010 - 05:25 PM

I don't see it now.

How are things running now?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


#11 fscguy


Posted 21 March 2010 - 12:52 AM

ESET didn't find anything in its scan.

#12 Elise


Posted 21 March 2010 - 03:24 AM

Hello fscguy,

UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a randomly named file) and OTL.
Please read this advice in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


regards, Elise


#13 fscguy


Posted 21 March 2010 - 01:46 PM

When I tried to do the SP3 update it got stuck at the end. It said performing cleanup for like 10 mins with no progress.

#14 Elise


Posted 21 March 2010 - 02:25 PM

The install of this update can take quite some time. I'd say to leave it for a bit more and see if it does not finish on its own.

If it really doesn't finish, try to end it manually.

Let me know if that worked and if the update was installed or not.

regards, Elise


#15 fscguy


Posted 21 March 2010 - 02:31 PM

Well, I closed the update and restored to before the install. I will try again in a bit or tomorrow while I am at work.



