My problem is when I do a virus scan, it finds adaware.onestep but can't delete it.
OTL logfile created on: 3/17/2010 6:30:21 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\jam\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.25 Gb Total Space | 249.67 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAMESDELL
Current User Name: jam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
PRC - [2010/03/01 10:50:02 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 10:50:01 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/26 08:18:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/24 23:34:15 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/01/17 11:57:51 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/17 06:59:35 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/12/12 19:31:31 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/30 15:50:21 | 003,446,088 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2008/11/05 22:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/06/12 21:29:18 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/06/06 12:04:12 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2007/04/01 07:02:22 | 000,983,040 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Sprint music manager\MEMonitor.exe
PRC - [2007/03/13 10:41:02 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\anotify.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/02/10 16:45:22 | 000,020,480 | ---- | M] (Apache Software Foundation) -- C:\OpenSA\Apache2\bin\Apache.exe
========== Modules (SafeList) ==========
MOD - [2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2004/08/04 06:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/01 19:14:38 | 000,062,824 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\TabQuery\tabquery121.exe -- (TabQuery Service)
SRV - [2010/03/01 10:50:01 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/09 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/02/10 16:45:22 | 000,020,480 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OpenSA\Apache2\bin\Apache.exe -- (Apache2)
========== Driver Services (SafeList) ==========
DRV - [2010/01/17 11:57:44 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/01/17 11:57:43 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/26 09:49:51 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/26 18:51:48 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2008/12/01 18:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/01 14:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/19 23:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 19:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/19 13:00:00 | 000,235,616 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/06/07 13:00:02 | 000,141,376 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/22 19:27:48 | 000,038,784 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) StudioPro audio (WDM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/03/05 06:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/06/20 15:00:38 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2006/06/20 15:00:28 | 000,021,312 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/06/20 15:00:18 | 000,039,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/06 10:39:14 | 000,283,904 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2004/10/04 06:28:38 | 000,043,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/08/04 06:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5080610
IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: performeroptimum@livejasmin.com:3.1.5.5
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.1
FF - prefs.js..extensions.enabledItems: {D591A8AF-267A-4626-AB5E-B37F643B7046}:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{5D909F89-B86E-478C-91DE-A55134BFB854}: C:\Documents and Settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 23:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 08:18:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 08:18:25 | 000,000,000 | ---D | M]
[2009/06/21 13:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Extensions
[2009/06/21 13:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/16 19:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions
[2009/08/14 07:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/21 16:19:58 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009/11/21 16:41:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/01 21:25:10 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Documents and Settings\jam\Application Data\Mozilla\Firefox\Profiles\k9j8fmj0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/16 19:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/30 07:11:11 | 000,000,000 | ---D | M] (TabQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D591A8AF-267A-4626-AB5E-B37F643B7046}
[2009/07/01 18:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\performeroptimum@livejasmin.com
[2008/11/22 18:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2008/10/14 12:48:28 | 000,062,872 | ---- | M] (WebEx Comminucations, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ateccli.dll
[2008/10/14 12:48:01 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/10/14 12:48:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/10/14 12:48:28 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/10/14 12:47:48 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/11/18 15:36:00 | 000,077,824 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\Mozilla Firefox\plugins\npCID.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/17 11:54:15 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery115.xml
[2010/01/30 07:11:11 | 000,002,391 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery119.xml
[2010/03/03 08:05:39 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery121.xml
O1 HOSTS File: ([2009/04/20 19:35:24 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..\Toolbar\WebBrowser: (no name) - {E55C2A00-3FF5-4C2F-A07C-A4D6314E945B} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R320 Series on MAIN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Eyeball Chat] C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe (Eyeball Networks Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\check-ip-changed.bat ()
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\jam\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Extract Flash Video with Bytescout... - {F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3258488223-1465139301-3237350382-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/17 18:29:39 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
[2010/03/10 07:48:29 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 19:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/09/21 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/21 21:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/17 00:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2008/11/30 15:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2008/11/17 00:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/09 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2008/07/15 23:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/17 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2004/08/11 18:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/11 18:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/11 18:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jam\My Documents\*.tmp files -> C:\Documents and Settings\jam\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/17 18:33:38 | 001,491,820 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.sav
[2010/03/17 18:33:38 | 000,183,309 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.his.sav
[2010/03/17 18:33:38 | 000,009,794 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\downloads.del.sav
[2010/03/17 18:33:38 | 000,003,316 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\history.sav
[2010/03/17 18:33:38 | 000,001,817 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\schedules.sav
[2010/03/17 18:33:38 | 000,001,563 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\sites.sav
[2010/03/17 18:33:38 | 000,000,782 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\dlmgrsi.sav
[2010/03/17 18:33:38 | 000,000,387 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\groups.sav
[2010/03/17 18:33:38 | 000,000,032 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\mctasks.sav
[2010/03/17 18:33:38 | 000,000,024 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\spider.sav
[2010/03/17 18:33:38 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\uploads.1.sav
[2010/03/17 18:29:56 | 025,537,812 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv.part
[2010/03/17 18:29:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv
[2010/03/17 18:29:42 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jam\My Documents\OTL.exe
[2010/03/17 18:16:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\ipresub.job
[2010/03/17 17:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 14:38:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/16 22:39:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 16:20:39 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\jam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 16:20:29 | 038,714,173 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\dt1.wmv
[2010/03/16 16:09:53 | 000,033,019 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\dt1(1).wmv
[2010/03/16 16:08:48 | 102,790,594 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\DU-WICHSER-04.rar
[2010/03/16 15:55:56 | 253,226,314 | -H-- | M] () -- C:\Documents and Settings\jam\My Documents\Codi_Milo_3.avi
[2010/03/15 21:53:54 | 081,679,463 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\403.rar
[2010/03/15 09:49:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/15 07:30:50 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 07:30:50 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 07:30:50 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 07:28:28 | 000,039,893 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/15 07:27:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/15 07:26:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 07:26:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 07:24:47 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\jam\ntuser.dat
[2010/03/15 07:24:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jam\ntuser.ini
[2010/03/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/14 01:22:24 | 081,679,313 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\Can You Cum Before Bikini Goddess Remi Catches You And Humilates (www.jerkfix.com).wmv
[2010/03/13 20:28:41 | 000,033,039 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LL_SchlGrl_JO.wmv
[2010/03/13 17:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/10 14:07:18 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2010/03/06 02:00:42 | 041,327,028 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LexiL.wmv
[2010/03/06 01:24:42 | 058,698,455 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\Kendra.F.wmv
[2010/03/03 08:21:35 | 004,573,623 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\ngCD13_trailer.wmv
[2010/03/02 18:40:39 | 004,885,641 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\hogKJ02_trailer.wmv
[2010/03/01 20:30:19 | 092,040,833 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\05kenstrip.wmv
[2010/03/01 19:51:07 | 125,896,059 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\countdowntocumeatingforcedhigh.wmv
[2010/03/01 19:37:08 | 068,639,447 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\LyneStrokeItCommand.wmv
[2010/03/01 19:36:26 | 142,463,993 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\369.rar
[2010/03/01 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/27 03:30:20 | 009,758,222 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WB13060918.wmv
[2010/02/27 03:29:24 | 009,397,180 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WB13060912.wmv
[2010/02/27 03:15:39 | 006,079,991 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\WBOnAirDare-ChelseaSnot.wmv
[2010/02/27 02:40:08 | 094,442,613 | ---- | M] () -- C:\Documents and Settings\jam\Desktop\isohump.wmv
[2010/02/27 02:24:46 | 000,033,201 | ---- | M] () -- C:\Documents and Settings\jam\My Documents\isohump.wmv
[2010/02/24 04:00:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 13:48:17 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\jam\Start Menu\Programs\Startup\Webshots.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jam\My Documents\*.tmp files -> C:\Documents and Settings\jam\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kerorufe
[2010/03/17 18:29:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv
[2010/03/17 18:29:44 | 019,901,716 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\5kendra.wmv.part
[2010/03/16 16:09:52 | 000,033,019 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\dt1(1).wmv
[2010/03/16 16:09:15 | 102,904,295 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\genie105_HQ-countdown.wmv
[2010/03/16 16:05:16 | 081,679,313 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Can You Cum Before Bikini Goddess Remi Catches You And Humilates (www.jerkfix.com).wmv
[2010/03/16 15:50:01 | 102,790,594 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\DU-WICHSER-04.rar
[2010/03/16 15:49:45 | 038,714,173 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\dt1.wmv
[2010/03/16 15:47:41 | 253,226,314 | -H-- | C] () -- C:\Documents and Settings\jam\My Documents\Codi_Milo_3.avi
[2010/03/15 21:48:36 | 081,679,463 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\403.rar
[2010/03/13 20:28:41 | 000,033,039 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LL_SchlGrl_JO.wmv
[2010/03/06 01:53:16 | 041,327,028 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LexiL.wmv
[2010/03/06 01:14:13 | 058,698,455 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Kendra.F.wmv
[2010/03/03 08:21:09 | 004,573,623 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\ngCD13_trailer.wmv
[2010/03/02 18:40:15 | 004,885,641 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\hogKJ02_trailer.wmv
[2010/03/01 23:59:27 | 142,463,853 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Tara - Follow My Direction For A Masturbation Marathon (www.jerkfix.com).wmv
[2010/03/01 20:12:51 | 092,040,833 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\05kenstrip.wmv
[2010/03/01 19:30:00 | 068,639,447 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\LyneStrokeItCommand.wmv
[2010/03/01 19:29:10 | 125,896,059 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\countdowntocumeatingforcedhigh.wmv
[2010/03/01 19:18:20 | 142,463,993 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\369.rar
[2010/02/27 03:29:12 | 009,758,222 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WB13060918.wmv
[2010/02/27 03:28:18 | 009,397,180 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WB13060912.wmv
[2010/02/27 03:14:57 | 006,079,991 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\WBOnAirDare-ChelseaSnot.wmv
[2010/02/27 02:24:57 | 094,442,613 | ---- | C] () -- C:\Documents and Settings\jam\Desktop\isohump.wmv
[2010/02/27 02:24:45 | 000,033,201 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\isohump.wmv
[2010/02/23 23:12:47 | 106,815,574 | ---- | C] () -- C:\Documents and Settings\jam\My Documents\Redlight-Greenlight.m4v
[2008/12/31 19:28:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/29 21:54:22 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/12/28 17:12:31 | 000,002,395 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/18 19:55:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/12 19:26:23 | 000,000,000 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe.bak
[2008/12/12 19:26:23 | 000,000,000 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe
[2008/12/12 19:26:01 | 000,001,230 | ---- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe.sdm
[2008/12/05 19:12:52 | 000,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/05 19:12:51 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/30 15:49:04 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/11/30 15:49:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/10/12 18:04:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/10/07 17:55:15 | 000,000,217 | ---- | C] () -- C:\WINDOWS\QScreenCapt.ini
[2008/07/30 17:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/20 20:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/20 20:18:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/20 20:18:37 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008/06/12 20:34:17 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\jam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 19:08:47 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jam\Local Settings\Application Data\fusioncache.dat
[2008/06/09 23:00:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/09 22:43:49 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2008/06/09 22:42:36 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/06/09 22:24:05 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/06/09 22:22:42 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/09/22 13:12:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:52 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2004/08/11 18:00:29 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/11 18:00:29 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/11 18:00:21 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/11 18:00:18 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2003/02/10 16:30:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\libintl.dll
[2003/02/10 16:28:48 | 000,253,952 | ---- | C] () -- C:\WINDOWS\sablot.dll
[2003/02/10 16:28:24 | 000,114,688 | ---- | C] () -- C:\WINDOWS\libexpat.dll
[2003/02/10 16:21:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\localcharset.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
< End of report >
OTL Extras logfile created on: 3/17/2010 6:30:21 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\jam\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.25 Gb Total Space | 249.67 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAMESDELL
Current User Name: jam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1213745417\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1213745417\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager -- (Xi)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\OpenSA\Apache2\bin\Apache.exe" = C:\OpenSA\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Perl\bin\perl.exe" = C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter -- (ActiveState, a division of Sophos)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\jam\Local Settings\temp\7zSBB.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\jam\Local Settings\temp\7zSBB.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{010AC47F-F7E5-4B82-990C-E5E76E9D8E9D}" = Shell Racing Game
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}" = ActivePerl 5.8.3 Build 809
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{58F33687-EE1F-FE06-AC2B-6858503C33F2}" = Quick Hit - Football
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{919B9228-CEBF-418C-BCF5-A1BA043504F4}" = OpenSA web server 2
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E55C2A00-3FF5-4C2F-A07C-A4D6314E945B}" = Mirar
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVI Splitter_is1" = AVI Splitter
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Banner Maker Pro 7_is1" = Banner Maker Pro Version 7
"Camfrog 5.3" = Camfrog Video Chat 5.3
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EsetOnlineScanner" = ESET Online Scanner
"ExpertGPS_is1" = ExpertGPS 2.9.5
"Eyeball Chat 2.2" = Eyeball Chat 2.2
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HiDownload_is1" = HiDownload
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MPEG Converter" = MPEG Converter
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"myibay eBay bid sniper_is1" = myibay eBay bid sniper 1.0.37
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.57.399
"Picasa 3" = Picasa 3
"Prism" = Prism Video Converter
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SkypeCap_is1" = SkypeCap
"SprintMusicManagerA" = Sprint music manager
"TabQuery" = TabQuery 1.0 build 121
"TIMELEFT3_is1" = TimeLeft
"tintii" = indii.org/tintii
"Total Video Player 1.03_is1" = Total Video Player 1.03
"UnityWebPlayer" = Unity Web Player
"VidCrop_is1" = VidCrop
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3258488223-1465139301-3237350382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:36 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:37 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 6:39:37 AM | Computer Name = JAMESDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/14/2010 9:43:22 PM | Computer Name = JAMESDELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2072 (0x818) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\jam\My
Documents\New Folder\jeep_mm_setup_gc.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
[ OSession Events ]
Error - 4/13/2009 7:57:44 PM | Computer Name = JAMESDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 168406
seconds with 180 seconds of active time. This session ended with a crash.
Error - 4/20/2009 7:22:52 PM | Computer Name = JAMESDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84843
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/6/2010 7:11:33 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2
Error - 3/6/2010 7:11:33 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.
Error - 3/6/2010 7:13:06 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/7/2010 8:22:23 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2
Error - 3/7/2010 8:22:23 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.
Error - 3/7/2010 8:23:45 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/14/2010 9:44:05 PM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 3/15/2010 7:26:10 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7000
Description = The StudioPro webcam service failed to start due to the following
error: %%2
Error - 3/15/2010 7:26:10 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TabQuery Service service
to connect.
Error - 3/15/2010 7:27:36 AM | Computer Name = JAMESDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
< End of report >
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-03-17 19:59:00
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB05280B0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB046B78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB046B837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB046B863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB046B8D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB046B8BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB046B7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB046B8FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB046B80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB046B710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB046B724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB046B79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB046B939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB046B8A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB046B88F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB046B84D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB046B925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB046B911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB046B776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB046B762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB046B7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB046B8E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB046B7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB046B7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504ABC 7 Bytes JMP B046B7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F8E 5 Bytes JMP B046B78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E34 7 Bytes JMP B046B7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C42 5 Bytes JMP B046B7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7218 7 Bytes JMP B046B7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA156 5 Bytes JMP B046B714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3E2 5 Bytes JMP B046B728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCBA0 5 Bytes JMP B046B766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0436 5 Bytes JMP B046B77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1680 5 Bytes JMP B046B7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80620660 7 Bytes JMP B046B893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806209AE 5 Bytes JMP B046B915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620F2E 7 Bytes JMP B046B8EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621774 7 Bytes JMP B046B8A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FCC 7 Bytes JMP B046B851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A36 7 Bytes JMP B046B83B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C06 7 Bytes JMP B046B867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE6 7 Bytes JMP B046B8D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80623050 7 Bytes JMP B046B8BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8062393C 5 Bytes JMP B046B811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623C60 7 Bytes JMP B046B93D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80624186 5 Bytes JMP B046B929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806242A0 5 Bytes JMP B046B901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00630F85
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00630084
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00630073
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00630FC0
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00630047
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00630F5E
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006300B0
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006300F7
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006300DC
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00630108
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00630062
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00630095
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006300CB
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0036
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B001B
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007B0080
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007B0065
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008300A7
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0083008C
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830FA8
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0083005B
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083002F
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008300E9
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008300C2
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008300FA
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00830F61
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00830F46
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0083004A
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00830FDE
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00830F97
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00830014
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00830FC3
.text C:\WINDOWS\system32\svchost.exe[528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00830F7C
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00820F68
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0082001B
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00820F83
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00820000
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00820F9E
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ A2, 88 ]
.text C:\WINDOWS\system32\svchost.exe[528] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00820FB9
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A004E
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F59
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F74
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A003D
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F2D
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0069
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F01
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0EE6
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F3E
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F1C
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9B
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 002C002C
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 002C0FCF
.text C:\WINDOWS\Explorer.EXE[752] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 013D0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A60F5C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F77
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60051
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60F94
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A6002C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A600A4
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60093
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60F1C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F37
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A60F01
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A60FDB
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A60FC0
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\services.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A600B5
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01260F9E
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01260F61
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01260FB9
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01260FCA
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0126001E
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01260FE5
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01260F72
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 46, 89 ]
.text C:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01260F83
.text C:\WINDOWS\system32\services.exe[1060] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E40056
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E40F61
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E40F72
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E40084
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E40067
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E40EFC
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E40F17
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E400A6
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E40F83
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E40F46
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E40FC3
.text C:\WINDOWS\system32\lsass.exe[1072] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E40095
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F4006C
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F4005B
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00F4004A
.text C:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F40039
.text C:\WINDOWS\system32\lsass.exe[1072] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0091006A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00910F75
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00910F86
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00910F97
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00910039
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009100A9
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00910098
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00910F2B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00910F3C
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009100DF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00910FB2
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0091007B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00910FCD
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009100BA
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00940022
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00940069
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00940011
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00940FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00940058
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00940FB6
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ B4, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0094003D
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A80F5C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A80051
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A80F83
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A80F94
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A80FCA
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A80F3F
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A80087
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A800BD
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A800AC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A800CE
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A80FA5
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A8001B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A8006C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A80FDB
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A8002C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A80F2E
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0FCD
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0068
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00AB004D
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00AB0FA1
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ CB, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00AB0FBC
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02480FEF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02480F6D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02480062
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02480047
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02480F8A
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02480FB6
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0248009F
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0248008E
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024800D5
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02480F3C
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 024800F0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02480FA5
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02480000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02480073
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02480022
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02480011
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024800BA
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024C0FA8
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024C0F7C
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024C0FB9
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024C0FCA
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 024C0039
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 024C0028
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 024C0F97
.text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02490FEF
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 024A0FDE
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 024A0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 024A0FCD
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 024A0FBC
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00780F6D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00780F7E
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00780062
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00780F48
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00780090
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00780F2D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007800C6
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00780F12
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00780051
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00780073
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007800AB
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0FAF
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F8A
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FDB
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007F0047
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00990FE5
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00990F6D
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00990062
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00990F94
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00990040
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00990F37
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00990F48
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009900BF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009900A4
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009900D0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00990FAF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00990FCA
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00990073
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00990F26
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FD1
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0073
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0022
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0011
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009C0FAC
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 009C004E
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009C003D
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F7C
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00700F8D
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00700FA8
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00700065
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00700FC3
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00700F50
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00700098
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00700F13
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F24
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007000C7
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0070004A
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00700F61
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[2248] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00700F3F
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0025
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006F005B
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 006F004A
.text C:\WINDOWS\System32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\System32\svchost.exe[2248] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F68
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0070005D
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0070004C
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00700F83
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00700F4B
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00700093
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007000C9
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F26
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007000DA
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00700F94
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00700082
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[2280] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007000A4
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F009B
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F002C
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F001B
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006F0076
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 8F, 88 ]
.text C:\WINDOWS\System32\svchost.exe[2280] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006F0051
.text C:\WINDOWS\System32\svchost.exe[2280] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0000
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F77
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60F92
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60051
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A60F4B
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60F5C
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60EFA
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F15
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A60EE9
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A60036
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A60087
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A60025
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[2428] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A60F30
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50F8D
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00A50040
.text C:\WINDOWS\system32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B009A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0089
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B006E
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F65
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00AB
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F2F
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F4A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B00ED
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[4712] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B00C8
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 4B, 88 ]
.text C:\WINDOWS\system32\wuauclt.exe[4712] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F8B
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A008A
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A006F
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F5F
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A7
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F2C
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F3D
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A00E0
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F70
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\svchost.exe[4972] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F4E
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029002C
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290062
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00290051
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00290FA5
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\system32\svchost.exe[4972] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00290FC0
.text C:\WINDOWS\system32\svchost.exe[4972] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[4972] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00BC0FB9
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4444] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\anotify.exe[4460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat 9EA6BC8A
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ----