Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer dragging bad

Post by VickieC » August 23rd, 2009, 11:29 pm

Hi,

My computer has started dragging bad. I haven't downloaded anything new and I have a lot of space left. If someone can look at the log and see if anything there could be causing it I would appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:43 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\aol\1125257697\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AccuWeather.lnk = C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Slingo%20Quest/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free- ... uncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery P.I. - The Vegas Heist\Images\armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/Game ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10669 bytes
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by Wingman » August 27th, 2009, 8:31 am

Hello... Welcome to the forum.
My name is Wingman, and I'll be helping you with any malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers; everything I post to you has been reviewed by them.
This additional review process can add some extra time to my responses...but not too much. ;)

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Please, if you have questions about something...ASK, don't guess or assume.
  5. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
In the meantime... please perform the following steps.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", will be maximized ... the second one, "info.txt", will be minimized.
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 2.
GMER
Please download GMER by GMER. An alternate download site.
  1. Unzip it to a folder on your desktop.
  2. Double click on gmer.exe to execute.
    If asked, allow the gmer.sys driver to load.
  3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
    • Click the Scan button.
  5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  6. Open Notepad and paste what you copied. Ctrl+V
  7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
    In the GMER window...
  8. Click on the >>> tab at the top of the GMER window.
    This displays the rest of the "selection" tabs for you.
  9. Click on the Autostart tab.
  10. Click on Scan button... Once the scan has finished... click Copy.
  11. Open Notepad (again) and paste what you copied. Ctrl+V
  12. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  13. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT log and info.txt file contents
  3. GMER gmerroot and gmerauto.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer dragging bad

Post by VickieC » August 27th, 2009, 11:34 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-27 23:25:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 43 GB (47%) free of 92 GB
Total RAM: 495 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:57 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1125257697\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Program Files\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AccuWeather.lnk = C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Slingo%20Quest/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free- ... uncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery P.I. - The Vegas Heist\Images\armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/Game ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10705 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-19 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"LXBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16 []
"FaxCenterServer4_in_1"=C:\Program Files\Lexmark 7100 Series\fm3032.exe [2004-12-06 286720]
"EzPrint"=C:\Program Files\Lexmark 7100 Series\ezprint.exe [2004-09-17 61440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"HostManager"=C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe [2008-06-24 41824]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-28 516440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-19 198160]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-06-01 341312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
AccuWeather.lnk - C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1125257697\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1125257697\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Abacast\Abaclient.exe"="C:\Program Files\Abacast\Abaclient.exe:*:Enabled:Abaclient"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1125257697\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1125257697\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-08-25 23:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-23 00:23:36 ----D---- C:\Program Files\Common Files\McAfee
2009-08-23 00:23:31 ----D---- C:\Program Files\McAfee.com
2009-08-23 00:23:13 ----D---- C:\Program Files\McAfee
2009-08-22 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 02:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 02:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 02:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 02:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 02:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 02:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 02:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 02:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-04 22:01:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-04 22:01:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-04 22:01:50 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-08-27 23:25:32 ----D---- C:\WINDOWS\Temp
2009-08-27 23:25:06 ----D---- C:\WINDOWS\Prefetch
2009-08-27 18:53:35 ----D---- C:\WINDOWS
2009-08-27 08:42:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-26 21:02:05 ----D---- C:\Program Files\Mozilla Firefox
2009-08-26 13:15:47 ----SHD---- C:\Config.Msi
2009-08-25 23:50:08 ----SHD---- C:\WINDOWS\Installer
2009-08-25 23:50:07 ----D---- C:\Program Files\Common Files
2009-08-25 23:41:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-25 23:32:11 ----HD---- C:\WINDOWS\inf
2009-08-25 23:31:51 ----D---- C:\WINDOWS\system32
2009-08-25 21:39:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-24 08:36:25 ----A---- C:\WINDOWS\imsins.BAK
2009-08-24 08:36:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-24 08:36:08 ----D---- C:\WINDOWS\system32\drivers
2009-08-23 23:07:03 ----A---- C:\WINDOWS\win.ini
2009-08-23 09:59:28 ----D---- C:\WINDOWS\network diagnostic
2009-08-23 09:49:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-08-23 00:28:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-23 00:24:05 ----SD---- C:\WINDOWS\Tasks
2009-08-23 00:23:31 ----D---- C:\Program Files
2009-08-22 23:55:12 ----D---- C:\WINDOWS\system32\config
2009-08-22 23:54:44 ----D---- C:\WINDOWS\system32\wbem
2009-08-22 23:54:44 ----D---- C:\WINDOWS\Registration
2009-08-21 21:58:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 14:54:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-13 21:42:50 ----A---- C:\VETlog.txt
2009-08-13 02:04:06 ----D---- C:\Program Files\Outlook Express
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 22:01:05 ----D---- C:\Program Files\Java
2009-08-01 19:06:48 ----D---- C:\Program Files\Google
2009-08-01 19:06:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-28 19:43:07 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-19 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-09-04 241280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-12-17 139674]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-12-17 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-03-22 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-12-17 30630]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-01-20 26112]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-02-05 9856]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-12-17 25930]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-09-22 515200]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-28 953168]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-05-11 172032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 lxbx_device;lxbx_device; C:\WINDOWS\system32\lxbxcoms.exe [2005-01-06 462848]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-08-27 23:33:15

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DC8786E-35D6-4E50-9301-627AAF99D852}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8008FE43-F06B-45F9-8464-20AFD27DEE53}\setup.exe" -l0x9 anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DA84FEC-670A-441B-ACC1-D0FE8C977492}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client-->C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
ABBYY FineReader 6.0 Sprint Plus-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AccuWeather.com Stratus-->MsiExec.exe /X{1C0C5E50-8B6D-BECC-13B2-BA09E66F7F5A}
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AltoMP3 Gold 5.06-->"C:\Program Files\AltoMP3 Gold\unins000.exe"
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
AXIS Media Control SDK-->C:\PROGRA~1\AXISCO~1\AXISME~1\UNWISE.EXE C:\PROGRA~1\AXISCO~1\AXISME~1\INSTALL.LOG
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Comcast Rhapsody-->C:\PROGRA~1\COMCAS~1\Unwise32.exe /A C:\PROGRA~1\COMCAS~1\install.log
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Go Bingo-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\gobingo.rguninst" "AddRemove"
HDView for Internet Explorer-->MsiExec.exe /I{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ieSpell 2.1.1 (build 325)-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 7100 Series Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{316A75E3-039D-4BF4-AC29-3FF91E8555CD} /l1033 /z/U
Lexmark 7100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbxUNST.EXE -NOLICENSE
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MeridianLink Site Security Certificate-->C:\PROGRA~1\SITECH~1\UNWISE.EXE C:\PROGRA~1\SITECH~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Protected Music Converter 1.0.0.9-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RecordPad Sound Recorder Uninstall-->C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Recovery Software Suite eMachines-->MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
ShowBiz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\setup.exe" -l0x9
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SoundTap-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) [2009-07-16]
R3 - URLSearchHook: (no name) - - (no file) [2009-07-16]
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2 [2009-07-16]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-07-16]
O15 - Trusted Zone: http://*.mcafee.com [2009-07-16]

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: The IP address lease 192.168.100.2 for the Network Card with network address 001320257673 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 118530
Source Name: Dhcp
Time Written: 20090724225850.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 118529
Source Name: W32Time
Time Written: 20090724225832.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 118528
Source Name: W32Time
Time Written: 20090724225832.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: The IP address lease 68.53.195.184 for the Network Card with network address 001320257673 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 118527
Source Name: Dhcp
Time Written: 20090724225826.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320257673. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 118526
Source Name: Dhcp
Time Written: 20090724225826.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 109
Source Name: Application Hang
Time Written: 20090718201140.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: Hanging application muppy.exe, version 1.39.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 108
Source Name: Application Hang
Time Written: 20090718195557.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 101
Source Name: Application Hang
Time Written: 20090718154650.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 28
Source Name: Application Hang
Time Written: 20090716012129.000000-240
Event Type: error
User:

Computer Name: YOUR-5552C4542A
Event Code: 1000
Message: Faulting application ViewpointService.exe, version 2.0.0.54, faulting module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Record Number: 3
Source Name: Application Error
Time Written: 20090715215347.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by VickieC » August 28th, 2009, 12:06 am

gmerroot log part 1

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-27 23:51:24
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF768E87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF768EBFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xED8284EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xED828498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xED8284AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xED828597]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xED8285C3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xED828631]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xED82861B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xED82852A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xED82865D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xED82856D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xED828470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xED828484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xED8284FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xED828699]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xED828605]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xED8285EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xED8285AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xED828685]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xED828671]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xED8284D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xED8284C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xED828559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xED828647]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xED828540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xED828514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 4 Bytes CALL 16B71EB9
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP ED828518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP ED828571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP ED8285F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP ED8284EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP ED8284C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP ED82869D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP ED828635 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP ED828474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 2 Bytes JMP ED828502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + 3 80571CB4 4 Bytes [2B, 6D, 90, 90] {SUB EBP, [EBP-0x70]; NOP }
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP ED828544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP ED82852E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP ED8284B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP ED82855D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP ED828488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP ED828661 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP ED82861F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP ED8285C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP ED82859B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP ED82849C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP ED8284DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP ED82864B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP ED828609 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP ED8285B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 1 Byte [E9]
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP ED828675 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP ED828689 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

Re: Computer dragging bad

Post by VickieC » August 28th, 2009, 12:07 am

gmerroot part 2

.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F70
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC005B
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC004A
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0FC3
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00A7
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0096
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F3D
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F4E
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC00F1
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F5F
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00CC
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660022
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F91
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660058
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00660FB6
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [86, 88]
.text C:\WINDOWS\system32\svchost.exe[112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0066003D
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FC8
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650038
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FE3
.text C:\WINDOWS\system32\svchost.exe[112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[112] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[112] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[112] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[112] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00630FC0
.text C:\WINDOWS\system32\svchost.exe[112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700C1
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F79
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700E3
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F4A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700F4
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700D2
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060087
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050F9C
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC1
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005000C
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F74
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00F85
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00FA2
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C0005F
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0003D
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000BA
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C0009F
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F46
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000D5
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F35
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C0004E
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00084
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00F57
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0069
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0058
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0FB6
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0F75
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0F9A
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FAB
.text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC009D
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F9E
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC006C
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0051
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F61
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F7C
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F2B
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC00C4
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC00D5
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0040
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC0F8D
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FCA
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC0F50
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0076
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB005B
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA004E
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0FC3
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0033
.text C:\WINDOWS\system32\svchost.exe[916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90F86
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F97
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90FA8
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90F53
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C90F64
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C900D1
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C900B6
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C90F27
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90F75
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C90F38
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C80047
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80FA5
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80036
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C8006C
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C80FCA
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes CALL C89FEDE5
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70036
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C7001B
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70FE3
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70FAB
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70FC6
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C6000A
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02910000
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02910F6D
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02910F7E
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02910F8F
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02910FAC
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0291003D
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02910F41
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02910F52
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029100B8
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02910F15
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02910F04
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02910058
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0291001B
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0291007D
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02910FDB
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0291002C
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02910F26
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02900036
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02900058
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02900025
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02900FE5
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02900F9B
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02900000
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02900047
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02900FCA
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0180004E
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!system 77C293C7 5 Bytes JMP 01800FB9
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01800029
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01800FEF
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01800FD4
.text C:\WINDOWS\System32\svchost.exe[1056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0180000C
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 017F0FEF
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 017E0000
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 017E001B
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 017E002C
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 017E0FDB
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790F30
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0079002F
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F57
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790014
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790F8D
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790040
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F04
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00790076
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0079005B
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00790EC2
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790F72
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790F15
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790F9E
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00790FAF
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790EDD
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0078006C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00780051
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00770069
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!system 77C293C7 5 Bytes JMP 00770058
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0077002C
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0077003D
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA00B8
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0091
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA005B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00F8
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0FB2
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0124
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F8B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA013F
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA00D3
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0109
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90F9E
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B9004A
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80027
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80F9C
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FC8
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80FB7
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FE3
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0000
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0F86
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F97
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0065
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE00B3
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE00A2
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0F2B
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0F46
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE00DF
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE004A
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE001B
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0F75
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\Explorer.EXE[1516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE00C4
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0011
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0F8A
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0000
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0FA5
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FD0047
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0022
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FC0FC3
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FC0033
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FC0044
.text C:\WINDOWS\Explorer.EXE[1516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FC000C
.text C:\WINDOWS\Explorer.EXE[1516] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00FB0000
.text C:\WINDOWS\Explorer.EXE[1516] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00FB0011
.text C:\WINDOWS\Explorer.EXE[1516] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00FB0FDB
.text C:\WINDOWS\Explorer.EXE[1516] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\Explorer.EXE[1516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B40FEF
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90F70
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F81
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B9004A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90080
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F38
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900B6
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900A5
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900C7
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F5F
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F27
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FAF
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80039
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80F72
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B80F83
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80F94
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FAD
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B7002E
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FD9
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70FC8
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B7001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250073
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250062
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250036
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F46
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F63
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F17
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500B0
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F06
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0025008E
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250025
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250014
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0025009F
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340025
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340014
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340040
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!system 77C293C7 5 Bytes JMP 0035003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CC0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CC0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CC001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01A70FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025006E
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F94
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250089
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F26
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500BF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F0B
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250040
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250025
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002500AE
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340036
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0034001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0034000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0034006C
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340051
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350038
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0035001D
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FBE
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0035000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01C00FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01C00FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01C00FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01C00FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ws2_32.dll!socket 71AB4211 5 Bytes JMP 029B0FE5

---- User IAT/EAT - GMER 1.0.15 ----

Re: Computer dragging bad

Post by VickieC » August 28th, 2009, 12:08 am

gmerroot part 3

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[416] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe[3768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1125257697\ee\aolsoftware.exe[3872] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
VickieC

Re: Computer dragging bad

Post by VickieC » August 28th, 2009, 12:09 am

gmerauto

GMER 1.0.15.15077 - http://www.gmer.net
Autostart scan 2009-08-27 23:54:44
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AOL ACS@ = "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Lavasoft Ad-Aware Service@ = "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
mcmscsvc@ = C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc@ = "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McShield@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
MpfService@ = "C:\Program Files\McAfee\MPF\MPFSrv.exe"
PrismXL@ = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Viewpoint Manager Service@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
WANMiniportService@ = "C:\WINDOWS\wanmpsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Recguard%WINDIR%\SMINST\RECGUARD.EXE = %WINDIR%\SMINST\RECGUARD.EXE
@LXBXCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
@FaxCenterServer4_in_1"C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s = "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
@EzPrint"C:\Program Files\Lexmark 7100 Series\ezprint.exe" = "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@HostManagerC:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe = C:\Program Files\Common Files\AOL\1125257697\ee\AOLSoftware.exe
@Ad-WatchC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@WinPatrolC:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/ = C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@mcagent_exe"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@updateMgr"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 /*file not found*/ = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\Program Files\Windows Messaging\mlshext.dll = C:\Program Files\Windows Messaging\mlshext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/(null) =
@{5E44E225-A408-11CF-B581-008029601108} /*Adaptec DirectCD Shell Extension*/C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Explode*/C:\Program Files\Microsoft Office\Office\UNBIND.DLL /*file not found*/ = C:\Program Files\Microsoft Office\Office\UNBIND.DLL /*file not found*/
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/(null) =
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/ = C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}C:\Program Files\McAfee\VirusScan\scriptsn.dll = C:\Program Files\McAfee\VirusScan\scriptsn.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.comcast.net/ = http://www.comcast.net/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\Owner\Start Menu\Programs\Startup = AccuWeather.lnk

---- EOF - GMER 1.0.15 ----
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by VickieC » August 28th, 2009, 12:12 am

Thanks for the help, Wingman.

GMER made my computer reboot once but that was it. The scans stopped but I wasn't sure they completed. If you need anything else from them let me know.

Vickie
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by Wingman » August 30th, 2009, 10:19 am

Hello Vickie,
I didn't see any signs of malware in the reports you posted, so that's good. :) I would like you to run a couple scans
to see if there is any present, that wasn't shown in the reports.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware).
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed, except the System Volume entries (we'll take care of those entries later)...
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
Please copy and paste the most recent log (from this new run) in your next reply.

Step 2.
Kaspersky Online Scanner.
Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Click on the Image ...button.
  2. The program will launch and fill in the Information section ... on the left.
  3. Read the "Requirements and Limitations" then press... the Image ...button.
  4. The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  5. Once the files have been downloaded, click on the Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Image ...button, if you made any changes.
  6. Now under the Scan section on the left:
      Select My Computer
  7. The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  8. Save the scan results as a Text file ... save it to your desktop.
  9. Copy and paste the saved scan results file in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM log
  3. KAS scan results
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer dragging bad

Post by Wingman » September 2nd, 2009, 9:10 am

3 Day Response
Hello...
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer dragging bad

Post by VickieC » September 2nd, 2009, 6:27 pm

Malwarebytes' Anti-Malware 1.39
Database version: 2658
Windows 5.1.2600 Service Pack 3

9/2/2009 6:25:57 PM
mbam-log-2009-09-02 (18-25-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 191981
Time elapsed: 1 hour(s), 55 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by VickieC » September 2nd, 2009, 6:58 pm

The Kaspersky scan is running now. I will post the log when it is complete.

ETA: Kaspersky was taking forever to run then it locked up. I will leave it running over night and post the log for that in the morning.

My computer still seems to drag. It seems to take a while for the page to open and it can freeze up on me where I have to do a Control/Alt/Del and go to the task menu and close IE or Firefox to get unfrozen.
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by VickieC » September 3rd, 2009, 8:48 am

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 03, 2009 06:54:09
Records in database: 2741508
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 98526
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:06:01

No threats found. Scanned area is clean.

Selected area has been scanned.
VickieC
Regular Member
 
Posts: 52
Joined: July 11th, 2009, 11:39 am

Re: Computer dragging bad

Post by Wingman » September 3rd, 2009, 4:40 pm

Hi VickieC,
I see that you have Viewpoint Manager and Viewpoint Media Player installed. Are you actually using these?
I ask because these programs are installed along with AOL, sometimes without the person's knowledge, and if not used, uninstalling them can free some system resources.

You should print out these instructions, as you may be asked to reboot your machine.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Malwarebytes' Anti-Malware
It looks like there were some entries not checked in the last MBAM run...
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN ... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed, except the System Volume entries
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
  7. Press the LOG... tab. Locate the most current log file.
Please copy and paste the most recent log (from this new run) in your next reply.

If you want to remove Viewpoint Manager and Viewpoint Media Player, continue with the next steps... otherwise, skip to Step 4.

Step 2.
End a Process using Task Manager
Open Task Manager by pressing and holding Ctrl + Alt + Delete keys simultaneously
or right click your Taskbar... choosing Task Manager from the menu.

In the Task manager window
  1. Press the "Processes"...tab.
  2. Click Image Name column heading...to alphabetize the list.
  3. Find the following:
    ViewpointService.exe
    ViewMgr.exe
  4. Locate each process listed above.
  5. After clicking on the process...press the "End Process"...button.
  6. Repeat steps 4 & 5 for each process listed above.
  7. When finished, close Task Manager.

Step 3.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated".
  4. Locate the following program(s):
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished...close/exit Add/Remove Programs.

Step 4.
If you use IE8's Smart Filter process then having a lot of entries in your Restricted Zones can cause slowdowns or even crashes in IE8.
The Zone entries have to be read each time you open a web page... IE8's Smart Filter checks the web page and prevents access if bad... so we can eliminate the SpywareBlaster entries.
DelDomains
Please download: DelDomains.inf...Created by: Mike Burgess Microsoft MVP.
Save it to your desktop.
  1. Locate DelDomains.inf
  2. Right-click and select Install...(no need to restart - there is no on-screen action)
    This removes all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
    You can check the Restricted Zone entries by choosing:
    Tools in the Browser toolbar, then choose Internet Options, in the new option window select Security, then
    press the Restricted Zones icon... then press the Sites button... the Sites window should be empty.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New MBAM log
  3. ViewPoint programs uninstalled?
  4. DelDomains run successfully?
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
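
Wingman's remark above that some entries were left unchecked corresponds to the `No action taken` status on the two Security Center items in the earlier MBAM log. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python script parses a log in that layout, lists the detections that were reported but not acted on, and checks that the summary counts match the listed items; the function names are hypothetical.

```python
import re

# Abridged copy of the MBAM 1.39 log layout quoted in this thread, embedded
# so the example runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2658

Scan type: Full Scan (C:\|)
Objects scanned: 191981

Memory Processes Infected: 0
Registry Data Items Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Item layout: <object> (<detection name>) -> [detail ->] <action>.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return {'summary': {category: count}, 'items': [detection dicts]}."""
    summary, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()      # forum pastes often carry stray whitespace
        if not line:
            current = None      # a blank line ends the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["cat"]
            continue
        m = ITEM_RE.match(line) if current else None
        if not m:
            continue            # banner lines, "(No malicious items detected)"
        detail, _, action = m["rest"].rpartition(" -> ")
        items.append({
            "category": current,
            "object": m["obj"],
            "detection": m["name"],
            "detail": detail,
            "action": action.rstrip("."),
        })
    return {"summary": summary, "items": items}


def unresolved(items):
    """Detections the scanner reported but did not act on."""
    return [i for i in items if i["action"].lower().startswith("no action taken")]


def count_mismatches(report):
    """Categories whose summary count differs from the number of listed items
    (a sign of a truncated or edited paste)."""
    listed = {}
    for item in report["items"]:
        listed[item["category"]] = listed.get(item["category"], 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in report["summary"].items() if n != listed.get(cat, 0)}


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    for item in unresolved(report["items"]):
        print(f'{item["detection"]}: {item["object"]} [{item["detail"]}]')
    print("count mismatches:", count_mismatches(report))
```
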

Re: Computer dragging bad

Post by Wingman » September 5th, 2009, 7:09 pm

3 Day Response
Hello...
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on...
If you know you are going to be longer than 2-3 days in responding, let me know... then I can keep this thread opened. otherwise...

After 24 hrs., if you have not replied to this thread... it will be closed!
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA