Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My internet is getting away from me!

Re: My internet is getting away from me!

by seattle » August 8th, 2010, 1:03 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF081000 C:\WINDOWS\System32\ati3duag.dll 2158592 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF802D000 C:\WINDOWS\System32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xF8172000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 856064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xEFCD4000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF86B4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF290000 C:\WINDOWS\System32\ativvaxx.dll 520192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xA2622000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEFC2A000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEFD9A000 C:\WINDOWS\system32\DRIVERS\RT61.sys 364544 bytes (Ralink Technology Inc., Ralink 802.11 Wireless Adapter Driver)
0xA2754000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA2384000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xA1D2A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA25EF000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF87E7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA2453000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8687000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA2692000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA26DF000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA272D000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xA2707000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEFD76000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xEFCB0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF813A000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEFC07000 C:\WINDOWS\system32\drivers\ATIRWVD.SYS 143360 bytes (Jungo, WinDriver Device Driver 6.03)
0xF800A000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA26BD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF877F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF87B7000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF866D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA2598000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF879F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA25B1000 C:\WINDOWS\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8741000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEFC99000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF8758000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA25C9000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
0xA231F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEFD62000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF815E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA27AD000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA10D6000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF876D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF87D6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEFC88000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA25DE000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA20D9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF0D23000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF0D33000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF0CF3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8886000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF0D13000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF89A6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF0410000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8876000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF0D43000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF0CE3000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8856000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF04A0000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8896000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEFE27000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF0D03000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8846000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF0CD3000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8A76000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF8836000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF0440000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF0460000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8866000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8A26000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEFE67000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xA1718000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF0490000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEFE57000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA1938000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8293000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xEFE77000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8C1E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF0244000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8C16000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF0CA3000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8B1E000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF0C8B000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF8AB6000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF3823000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF0C9B000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF0C93000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF025C000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF8C0E000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF0254000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF082E000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF8B36000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF026C000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF024C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF0826000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8ABE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF083E000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8AC6000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF0836000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF0C83000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8AF6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF17B7000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF1B5B000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF0589000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8C46000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8D16000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8CF6000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF17C7000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8CFA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8D86000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF08B4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF08B6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8D36000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF08B2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8D5A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF08B0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8D84000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF8D88000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8DF8000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8DC6000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8D38000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8EF6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8F88000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8DFE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF40B4000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF40B7000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
!!!!!!!!!!!Hidden driver: 0x832E0AEA ?_empty_? 1302 bytes
0x832E0EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x83393420 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF879F000 WARNING: suspicious driver modification [atapi.sys::0x832E0AEA]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JVVA6D2B\core.insightexpressai.com\adserver\invites\LSO.swf\flv_player_settings.sol
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.insightexpressai.com\settings.sol
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@adap[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@adnxs[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@adotube[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@ads.gossipcenter[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@adshuffle[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@afy11[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@by.adshuffle[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@celebrity-gossip[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[3].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@contextweb[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@d.altitudedigitalpartners[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@delb.opt.fimserve[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@demr.opt.fimserve[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@desk.opt.fimserve[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@directorslive[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@dmtry[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@exelator[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@g.adspeed[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@glam[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@im.afy11[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@liverail[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mmismm[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mx3.38787.blueseek[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mygeek[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@rewardtv[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@scorecardresearch[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@www.celebrity-gossip[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@xgraph[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@yahoo[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\1pix[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\1pix[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\1pix[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\1x1JPG[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\3loan[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\728x90_Sasquatch_Little_Different[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\807261[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\84c2f6bc-3f88-45dc-aba1-2b1620aae8aeCelebrity_300x250[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\AdaptvAdserverVastVideoPlugin[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\adsonar[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ad[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ai[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ajsCA3CT93Y.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ajsCADQFOH6.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ajsCAM2M2GW.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ajsCAYKYZI6.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\antenna2[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\beacon[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\beacon[2].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\bg-footer-search[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\block-editing[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\BrightcovePlayer[2].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\chartbeat[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\core-as3-v4.1.8[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\crossdomainCA67EO0T.xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\crossdomainCA96P1VM.xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\crossdomainCAUZEH3D.xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\crossdomain[11].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\directorslive[2].json
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\dlivelogo[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\dnserrordiagoff_webOC[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ErrorPageTemplate[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ESPN_FFL_v8_AO_300x250_v2[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ewtrack_9[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\EWTRACK_NEW_V[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\EWTRACK_TIME[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\EWTRACK_TIME[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ewtrack_wesupport[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\EW_BANDWIDTH[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\filefield[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\fimbid[5].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\FP10StreamingMediaController[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\fpt[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\fp[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\gadgets.opt[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\getbid[2].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\getscript[1].jsp
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\get[1].media
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\gisele-bundchen-061310-2[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\gisele-bundchen-061310-8[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\glamadapt_jsrvCA8L3AN8.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\glamadapt_jsrvCAD8ELYG.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\glamadapt_jsrvCADWAEXT.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\glam_comscore[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\i200615[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\igeo[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\jsadimp[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\json[4]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\json[5]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\JS[7].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\JS[8].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\lang[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\layout[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\lmb-15601-32802-42873[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\load[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\logCAYDZMBG
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[10]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[11]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[6]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[7]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[8]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\log[9]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\LSO[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\MCMarketplace300x250Polite_Shell_160x600[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\menu-bg[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\node[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\OverstreamPlatform[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ping[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\ping[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\popup[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\PortalServe[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\site-navigation-update[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\spcjs[1].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\spc[8].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\srad[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\trans[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\two[1].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\viewChannelModule[1].act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\wireframes[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ENZEI705\wrapper[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\10k[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\1125805590@x10[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\1738607207@x15[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\1pix[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\2312[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\2312[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\409[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\670252[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\72312243001_155383822001_ari-origin06-arc-184-1279489077345[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\742933[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\76dea3ab-1b09-42ee-9de5-efaf7c03e5a3Celebrity_160x600[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\7d6c79240672493aa8b00f25dad9af6c[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\AdaptvBrightcoveAdTranslator[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\AdPlayer8-32.6_040638[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\adServerESI[1].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\AdvertisingAPIModule[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ad[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ad[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ad[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ai[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ajsCA2LQIOX.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ajsCAE5QVPO.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ajsCAL519TO.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ajsCAQI3NQO.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\background_gradient[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\bg-gradient[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\bg-mainnav[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\BrightcoveExperiences[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\comment[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\companions[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\crossdomain[6].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\crossdomain[7].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\crossdomain[8].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\cs[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\DocumentDotWrite[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\dot[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\dot[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\effects[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\eli[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ewtrack_9_0_28_0[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\EWTRACK_NEW_V[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\EWTRACK_NEW_V[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\exp_Proxy[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\general[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\GEnter_160x24_blk[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\getjs[1].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\gisele-bundchen-061310-11[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\gisele-bundchen-061310-12[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\gisele-bundchen-061310-3[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\gisele-bundchen-061310-4[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCA1I9TSU.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCA4JN81E.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCAALP8M1.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCADVVCTV.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCAH1C27I.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCAJNAAN6.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCASWK7VL.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\glamadapt_jsrvCAWKNG5L.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\hottest-stories[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\html-elements[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ico-tag[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ie8[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ie[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\imp[11]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\info_48[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\i[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\jsonpoll[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\json[6]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\JS[5].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\jump2[4].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\logCAGOE0BK
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\logCAXMJYP5
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\log[10]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\log[11]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\log[8]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\log[9]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\MCMarketplace_Shoes_160x600_AutoPnl_052110_Pr02_FH[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\n-hot-categories-2[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\otif[1].do
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ping[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ping[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ping[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ping[4].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\poll[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\popup[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\pubsub_glam.ads_glam[1].metrics
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\p[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\rendergadget[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\services[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\services[2].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\spc[8].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\ssInPageAds[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\style[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\superfish[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\swfobject[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\swfobject[2].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\system-menus[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\track[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\Track[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\user[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\Where_You_Need_It_Banner_Revisions_F0___160x600[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\wp-postviews[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FBS339JF\yume[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\1713732151@Top1[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\1pix[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\1pix[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\1pix[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\59766448335578653034774143315043[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\5[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\adopt[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ad[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ai[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ajsCACGKD6L.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ajsCADEL82V.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ajsCAQ1PQDQ.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ajsCAVZ21VZ.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\arrow-superfish-right[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\arrow-superfish[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\asrefinc11[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\backcookie[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\banners[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\beacon.js[1].jsp
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\beacon[2].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\beacon[3].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\bg-widget-h3[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ccl_incl_acc_exp_300x250[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\content-module[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\control[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\convpixel[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\cookies.util.opt[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\csjs[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\custom[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\defaults[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\detect[1].act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\dlivelogofooter[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\dot[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\entertainment-news[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\errorPageStrings[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ewtrack_8[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\EWTRACK_NEW_V[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\EWTRACK_NEW_V[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\EWTRACK_TIME[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\EWTRACK_TIME[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\fieldgroup[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\flash3[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\flashswf-89374145[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\getjs[1].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gisele-bundchen-061310-1[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gisele-bundchen-061310-5[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gisele-bundchen-061310-6[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gisele-bundchen-061310-7[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gisele-bundchen-sp-runway[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCA9W3FQQ.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCAKV2617.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCAMFRV02.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCAOU2DCI.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCAQ63YDQ.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glamadapt_jsrvCAYOI3HW.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\glam_logo[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\gossip_logo[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\HJQa3YOUngL9RX6dIaLdifa_LWbJeZmvbCl_e3TxvDl6UsrI2STnww==[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\iframe2[2].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\if[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\i[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\json[8]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\jstag[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\logCA2RMWUG
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\logCAUIB42J
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\log[10]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\log[11]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\log[8]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\log[9]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\messages[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\me[1].flv
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\middlemen_preroll[1].flv
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ping[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ping[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ping[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\ping[4].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\PortalServe[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\PRScript[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\qw12451_RatingsandReviews_Reviews_300x250_40k[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\q[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\redirection[2].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\spc[2].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\spc[3].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\spc[4].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\srad[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\tabs[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\thumb[2].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\TidyCats_Profile_300x250_banner[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\top-searches[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\viewChannelModule[2].act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LXFIQYMN\views[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\300x250-advertisement2a_0[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\44-seamless728x90[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\4[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\72312243001_129022879001_ari-origin06-arc-185-1279263606164[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\742821[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\893493[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\895872[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\adifyExelatePixelFreqIFv2[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ad[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ad[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ad[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ajsCA26CU54.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ajsCA68GMPZ.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ajsCAD0O4VA.php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\alert-overlay[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\amf[2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\AS2BootStrapper[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\b2747317f64cfa1833e9ba97a0435c5f[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\background4[2].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\blank[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\bootstrap[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\BrightcoveBootloader[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\BrightcoveBootloader[2].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\celebrity-gossip.net.i1[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\click[1].here
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\clk[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\crossdomain[5].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\crossdomain[6].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\crossdomain[7].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\date[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\default[2].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\Deluxe[2].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\dot[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\dot[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ewtrack[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\EWTRACK_NEW_V[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ewtrack_onload[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\EWTRACK_TIME[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ewtrack_v[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\EW_BANDWIDTH[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\feed[1].ashx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ff2[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\fimbid[3].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\fl[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\getad[1].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\getad[2].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\getad[3].aspx
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\gisele-bundchen-061310-10[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\gisele-bundchen-061310-9[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glamadapt_jsrvCAJZGKA2.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glamadapt_jsrvCAQPEK8O.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glamadapt_jsrvCAR2M114.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glamadapt_jsrvCAT9AZOP.act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glam_reskin[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\glam_widget[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\gossip[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\IM_RM_728x90[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\JS[8].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\JS[9].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\jump1[1].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\latest-headlines-2[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\logCA4YBEC9
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[10]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[11]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[5]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[6]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[7]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[8]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\log[9]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\lr[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\mmmss[2].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\mmtnt[1].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\partner[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ping[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ping[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ping[3].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\ping[4].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\pixel[1].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\pixel[2].gif
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\PLDR_BlackRed_Button_728x90_F8_Tag_2-3[1].swf
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\print[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\prWriteCode[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\redirect[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\reset[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\spc[8].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\srad[1].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\system[1].css
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\track.buffered[1].php
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\Track[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\viewChannelModule[1].act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\viewChannelModule[2].act
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\Y7eteJs2U7RItueys5Bja7pWg6eqW2KUUme4eusH_ro=[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VSVIRUSJ\zmpfc[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Cookies\sarah_lamont@facebook[5].txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{74DC9674-A301-11DF-B678-00038A000015}.dat::$DATA
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\23246_1638787234_9989_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\27406_1125256486_3321_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\27470_1141654653_5477_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\39087_1353820447207_1282304601_30808661_1273769_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\40432_417851416858_538791858_4691451_3938089_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\40664_417668423939_690988939_4855593_3975268_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41424_586556061_2565_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41429_1042684559_9604_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41558_1313596979_7741_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41639_842113760_9658_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41706_1358649836_691_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\41777_1467765345_1915_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\app_2_10471770557_8364[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\app_2_45706744835_5418[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\app_full_proxy[3].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\app_full_proxy[4].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\app_full_proxy[5].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\p_1337200413=0[2].txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\q100000139733808_8296[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\50H0RA36\q540328162_1783[1].jpg
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by seattle » August 8th, 2010, 1:04 pm

!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\23139_1684664554_8700_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\23201_882475316_566_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\27361_680324064_3247_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\27374_611687398_1180_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\38894_417851431858_538791858_4691452_5930569_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\39488_1353664243302_1282304601_30808033_4301427_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\39826_560540784725_11401008_32634156_2375318_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41368_100000501063829_9733_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41418_1089519479_2028_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41439_586777493_2139_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41471_574574751_8875_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41559_100000248247563_8211_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41618_658422816_5180_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\41715_100000457727183_3878_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\app_2_2318966938_7677[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\app_full_proxy[2].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\p_1337200413=0[2].txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\q100000186955149_5801[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\q10643211755_6462[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\BQQJDBLD\safe_image[3].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\23144_699277839_4675_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\23157_1513030692_7801_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\23251_100000097249408_683_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\27440_1406005272_5160_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\27461_40104412_3975_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\38655_417668138939_690988939_4855583_1533634_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\38719_560540754785_11401008_32634152_931487_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\38885_417668478939_690988939_4855594_2390654_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\38941_1450483116499_1665879335_1065085_1662842_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\3nblnwz6[1].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41372_1328975843_793_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41409_100000141653216_7266_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41426_821810617_9058_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41429_525371268_2942_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41627_100001441363979_5739_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41761_674970387_1896_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\41772_11401008_2621_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\q1316028014_4424[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\D987LLVF\safe_image[4].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128745583250890645[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128755481221683325[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128755542780752521[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128761953671934905[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128765473992919672[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128777382458533391[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128781743657106428[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128787493479429355[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128790114170770711[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128797832919518126[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128822509342627566[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128831761654644002[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128838876944037250[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128850584252798798[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128877827008762823[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_128896015616287463[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_cdadda87-1f5e-43bc-a062-823941a11435[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\th_e61b1b58-14e2-47f8-b99d-b3551207bb93[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\TimeLapse_728x90_Pnl_050409_r02-FH[1].swf
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\TopEmailButton[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\topnav_w_04[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\tp[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\tracking[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\traffic[1].htm
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\TRD[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\tripAdvisorLogo-11418-0[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\twister_promo_sticker._V266267028_[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\txt_promotion[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\t_hireground_sm[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\U71_CEIL[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\ui.core[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\UIObject_sprites_v3_ltr[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\upcoming[2].htm
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\userstatus_2[2].swf
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\utilities[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\UXI5Z7CAEPF58YCA8G157FCAFRSH04CAVNYZEHCAO5RMK2CA6ZJOMBCAXPYK37CAPVGLBMCAKLHY9NCAFSD8Y3CAXUC9HPCA12N5CICA9UVS7FCA8ZM5MECAAFX2BDCA5Q512MCAWSOG18CARQIJI4.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\V8IEVTCA93Q14ACAMUMHAYCA6GZIUWCAJXB2KOCALJJKI0CAEIC3OYCA4ZZNPKCA0CYONHCA3PWR31CA2V5YJ1CA0541PACAOL92NGCAUASXRICAAEYVX4CAKUDSBCCAN0BOBDCAU38MRRCARBWB9N.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[1].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[2].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[3].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[4].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[5].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[6].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=ap[7].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CA79WWKL.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAD6VDJN.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAFX4HFW.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAM6GZFN.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAMYH2V2.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAT8945E.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAUC6CTA.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAUHSY2V.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2CAZS1X12.png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2[11].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2[1].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2[2].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2[3].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\v=w2[7].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\valid-css[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vbulletin_global[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vbulletin_post_loader[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vbulletin_quick_edit[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vbulletin_read_marker[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vcn[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\videopostings[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\videoreview._V26444116_[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vp[1]
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vp[2]
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vp[3]
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\vp[5]
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\VUB578CAPJ02EGCACV234ZCAH0MDR9CA83EO4GCANFK5EECAK4QCX9CAC7HBSICAEKQSW2CAR28VOYCAAYTYCRCATKHN8ACAK7779FCABC3UTCCA1VSZBDCAV7ZICXCAH9GXN7CAGBOO3PCA7OH3WX.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\VVN101CAKC66TZCA7JMQCNCAZ2B6AYCA5C3W7HCAFMUS5VCA971OQZCAWIXPW2CAGYG3H6CAE6FFSPCA56YLTGCA35VSVWCA1XZ5FZCAO5QZ27CA976ALNCAD5FOOICAO8C8E3CAC58NEVCAOE22QU.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\VZZ72ACAAL26HACAK8XL2NCAIN8YLJCAU3BB8SCAN4BG7ACA6JM2TDCA6B1RFDCAQTV2YLCAQYJ7E3CAFBGS07CAFO879CCA9DBZ0CCAYEEE8FCAI84MU9CAKGZT2DCAXHD5MUCA07NQPQCALVRH3H.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\WC39_small_bw[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\WD3H2GCALDQQW4CAZ40IW9CAMZDY56CAX620Y9CAI7M4WCCAXUG8E9CA3MHWEHCA3064B1CA1BUJ0ZCAL4QSK0CAOSIFRMCA2JAEZCCA22WQQXCA8F8YC5CAKY7SQDCAQLND9MCAQ9RNYBCAUQITV6.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\welcome[1].htm
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\welcome[4].htm
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\wildlife[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\WL7QS8CAIKYHHNCAGEITH8CADU8XQNCAXWBV0YCANDP9HCCA25D6LUCAFT6MK1CAYXTR88CAONQB4MCAXC58CKCAUVY9B4CAEGI19OCAUKAY23CA2MW55ECAPF4KBKCAUE1DHPCACAJP7CCA9D7964.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\WWNXC7CAB449V0CAW002ZUCAX1STTVCAE843JFCABN0A0ZCAQY3D9BCANQDPZ2CAKG24IPCAV6IF1PCA5J2FQCCAUIXZR0CAIT9S2CCA99RK0RCAAG28ZWCA1N8M1HCAMMRX1TCA5NHTLHCA6AMDYG.htm
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\yahoo-banner[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\yahoo-dom-event[1].js
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\yhst-70976115414583_2048_1330977[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\YUNHFDCANFI1UACAKI3TNOCA9LXV3FCAKBVXN4CA2PI6CFCA0D7LZRCAI15QAICAAPQTAWCA134MGDCAS16W90CALYLTC3CAU1AZLACAJZXF24CADPZB0ZCATRK3BVCATCYU7LCAK37ZRQCAWOXFI8.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\Z8NM4WCABK112BCAMLTYX2CARX50A6CAAVAS5TCAKSRA7QCA7G041WCAIY98WGCAFTCLFQCAVFCCU3CA017RUFCAWBZZB3CALX4F0XCA4TYUGTCA1ZQ221CALODRCPCA4MZWC9CA43M8AGCASJW421.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\EES236GL\ZNSQCQCAP3LYGKCAII8RFWCAKZ1IWYCADIPSQ2CA8RDE49CA0SD1DQCAG0MJH0CA1MKQ2WCAPJZCEPCAV8MUIDCASXH49HCALGORMECA60BFRFCAU1I23SCAQS0D43CACSWELNCA962FO1CABY2EVG.txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\23009_1077176706_6224_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\23209_1402118344_4601_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\23245_588338370_814_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\27364_1282304601_8080_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\39761_417851436858_538791858_4691453_817219_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\39826_560540779735_11401008_32634155_162362_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\40378_1353664163300_1282304601_30808032_1640062_s[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\41384_1193025531_1187_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\41430_100000280937168_5346_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\41441_1577266201_7448_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\41467_556253681_3420_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\41770_1220312040_5471_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\app_full_proxy[3].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\app_full_proxy[4].png
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\eu00g0eh[1].gif
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\p_1337200413=0[3].txt
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\q1000837466_4115[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\q1496431775_4279[1].jpg
!-->[Hidden] C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\TLYGC0TP\q1665879335_8042[1].jpg
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_button_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_button_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_button_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_button_sync.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_cancel_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_cancel_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_cancel_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_close.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_defaultimage_closed.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_defaultimage_open.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_deleteimage.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_deviceimage_closed.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_deviceimage_open.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_devicespace.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_fileimage_closed.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_fileimage_open.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_folderimage_closed.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_folderimage_open.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_formatimage.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_help.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_min.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_mmjb.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_mmtheme.ini
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_operation.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_operation_add.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_operation_format.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_operation_remove.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_operation_sync.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_syncimage.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\port_transparentbg.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\PPSOrder.xml
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\preferences.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\PrefPluginSvr.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\PrimoSDK.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_center_tile.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_dim_center.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_dim_left.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_dim_right.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_left.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_base_right.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_fill_center_tile.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_fill_left.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\progress_fill_right.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\properties.txt
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\ProvisionalCert.mmc
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\pslauncher.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\pxsetup.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rca_image.gif
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rcpbtns2.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rcrbtns2.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\record.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_cancel.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_start.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_btn_tools.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_help.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_no_over_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_no_over_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_no_over_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_options.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_sel_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_sel_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_sel_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_stat_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_stat_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_stat_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_upgrd_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_upgrd_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rec_upgrd_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\RefreshIcon.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\ReSample.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\ResourceObject.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\rip.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Roboex32.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Services.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.ibt
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.ini
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.inx
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.iss
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\setup.skin
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\SkinMgr.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\SkinnedCtrls.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\smlminmx.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\smlpknb.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\smlpsld.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\smlvknb.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\smlvsld.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pconfig.dcf
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\Px.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pxcpya64.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pxcpyi64.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxDrv.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelp20.inf
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelp20.sys
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelp64.sys
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelper.inf
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelper.sys
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxHelper.vxd
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pxhlpa64.sys
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\Pxhpinst.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pxInsa64.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\pxInsi64.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxMas.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxSetup.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\Pxsfs.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\PxWave.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\sonic\VxBlock.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\spkr.out
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\SrcMP3.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\SrcWAV.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Starburst.mvs
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Stargazer.mvs
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Starshot.mvs
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\StatusBar_lft.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\StatusBar_mid.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\StatusBar_rt.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\StopPhilipsRemote.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\stprinter.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Swflash.ocx
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\SyncManager.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tbpbtns1.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tbrbtns1.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\mmgit.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\mmlicmgr.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\mm_TDMEngine.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\properties.txt
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\SrcWMA.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.W02
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.W03
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMUI.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\VersionInfo.xml
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\wma.inp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\wma.out
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\WMDMDist.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\WMFDist.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\wmobjmgr.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\template.html
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\ThreadUtils.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Thumbs.db
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TI.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tinybtns.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tinyplbk.bmp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tips.txt
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TODEngine.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TrackListConfig.ini
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TrackListPrinter.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TrackUtils.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Transport.xml
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Trgtdir\Printing\Frames\Aluminum\Front.jpg
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Trgtdir\Printing\Frames\Amethyst\Front.jpg
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Trgtdir\Printing\Frames\Ruby\Front.jpg
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Trgtdir\Printing\Frames\Water\Front.jpg
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\tutorial.chm
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\unicows.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\unzip32.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Upgrade.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\upper_nav_background.gif
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\UPSELL\properties.txt
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\UPSELL\upsell.mmz
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\UPSELL\VersionInfo.xml
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\vis_slideshow.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\vis_slideshow.int
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Waiting.html
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\wav.inp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\wav.out
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Whirly.mvs
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\WMFDist9_5\WMFDist.exe
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\wmv.inp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xanalyze.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xaudio.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xaudio.inp
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xconn.html
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xconn1.html
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\xtr.dll
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\zip32.dll
!-->[Hidden] C:\Program Files\Windows Media Components
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D974, Type: Inline - RelativeJump 0x804E4974-->804E49E2 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: Inline - DirectJump 0x806B4DE0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->NtCreateFile, Type: Inline - RelativeJump 0x80573DFB-->A260878E [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805B62C0-->A260873C [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8059056D-->A2608750 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80599783-->A260883B [mfehidk.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x805983A2-->A2608867 [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x8057EC5A-->A26088D5 [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x80594DB6-->A26088BF [mfehidk.sys]
ntoskrnl.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8057A879-->A26087CE [mfehidk.sys]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x805E2166-->A2608901 [mfehidk.sys]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80572BDF-->A2608811 [mfehidk.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x8057F592-->A2608714 [mfehidk.sys]
ntoskrnl.exe-->NtOpenThread, Type: Inline - RelativeJump 0x80584849-->A2608728 [mfehidk.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x8057F1C3-->A26087A2 [mfehidk.sys]
ntoskrnl.exe-->NtQueryKey, Type: Inline - RelativeJump 0x8057E85A-->A260893D [mfehidk.sys]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x80655A23-->A26088A9 [mfehidk.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x80572F19-->A2608893 [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x80655EA2-->A2608851 [mfehidk.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x806567FE-->A2608929 [mfehidk.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x80656395-->A2608915 [mfehidk.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x80635C83-->A260877A [mfehidk.sys]
ntoskrnl.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x80574B1F-->A2608766 [mfehidk.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x80593435-->A26087FD [mfehidk.sys]
ntoskrnl.exe-->NtUnloadKey, Type: Inline - RelativeJump 0x806550EA-->A26088EB [mfehidk.sys]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x8057A401-->A26087E4 [mfehidk.sys]
ntoskrnl.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x80515A92-->A26087B8 [mfehidk.sys]
[1004]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1004]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1004]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1004]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1004]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1004]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1004]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1048]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1048]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1048]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1048]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1048]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1048]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1048]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1152]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1152]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1152]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1152]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1152]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1152]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1152]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1152]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1152]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1152]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1152]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1152]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1292]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1396]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1396]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1396]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1396]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1396]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1396]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1396]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1568]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1568]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1568]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1568]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1568]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1676]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004110C4-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x004110BC-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->DefWindowProcA, Type: IAT modification 0x00411488-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x00411454-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [YbSkin2.dll]
[1676]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x004113D8-->00000000 [YbSkin2.dll]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[2012]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2052]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[2052]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[2052]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[2052]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[2052]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[228]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.exe]
[228]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.exe]
[2648]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2648]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2648]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2648]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2648]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2648]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2648]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2648]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2648]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2648]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2648]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2648]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2648]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2648]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2648]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2648]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2648]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2648]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2648]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2648]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2648]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2648]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2648]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2648]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2648]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2648]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2648]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2648]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2648]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2648]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2648]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by seattle » August 8th, 2010, 1:04 pm

[3276]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3276]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3276]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3276]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3276]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3276]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3276]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3276]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3276]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3276]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3276]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3276]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3276]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3624]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3624]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3624]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3624]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3624]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3624]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3624]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3624]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3624]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3624]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3624]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3624]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3624]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3624]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3624]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3624]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3624]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3624]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3624]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3624]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3624]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3624]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3624]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3624]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3624]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3624]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3624]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3624]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3624]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3624]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3624]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[780]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[780]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[780]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[780]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[780]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[780]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[792]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[792]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[792]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[792]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[792]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[792]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[792]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[988]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[988]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[988]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[988]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]

Re: My internet is getting away from me!

Post by melboy » August 9th, 2010, 8:11 am

Hi
seattle wrote: my keyboard won't work when I boot in Safe Mode


Does your computer respond to the keyboard when pressing F8, and when you reach the Windows Advanced Options Menu? Are you able to actually boot to safe mode?

Can you give me the exact make and model of your Dell computer?


MBRCheck

Download MBRCheck by a_d_13 from here and save it to your Desktop.

  • Double click MBRCheck.exe
  • A black command type window will open
  • After a short while, a text file will appear on your desktop named MBRCheck_Date_Time.txt
  • Press 'N' on your keyboard, then press 'Enter' to close the window.
  • Copy/paste the contents of MBRCheck_Date_Time.txt in your next reply



MBR Rootkit Detector

Please download MBR.exe by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start > Run. Copy and paste the contents of the codebox below into the Run box (do not include Code:), then click OK:
Code:
CMD /C \mbr -t >Log.txt&Log.txt&del Log.txt

A log will be generated. Post the contents in your next reply.

Re: My internet is getting away from me!

Post by seattle » August 9th, 2010, 9:46 am

Thank you! My PC is a Dell Dimension 8300. It responds to F8 and seems to go into Safe Mode at first, but once the Windows logon screen appears asking me for my password, neither the keyboard nor the mouse will respond, so I can't enter a password or go any farther.



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF8D36000 \WINDOWS\system32\KDCOM.DLL
0xF8C46000 \WINDOWS\system32\BOOTVID.dll
0xF87E7000 ACPI.sys
0xF8D38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF87D6000 pci.sys
0xF8836000 isapnp.sys
0xF8DFE000 pciide.sys
0xF8AB6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8846000 MountMgr.sys
0xF87B7000 ftdisk.sys
0xF8ABE000 PartMgr.sys
0xF8856000 VolSnap.sys
0xF879F000 atapi.sys
0xF8866000 disk.sys
0xF8876000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF877F000 fltmgr.sys
0xF876D000 sr.sys
0xF8886000 Lbd.sys
0xF8AC6000 PxHelp20.sys
0xF8758000 drvmcdb.sys
0xF8741000 KSecDD.sys
0xF86B4000 Ntfs.sys
0xF8687000 NDIS.sys
0xF866D000 Mup.sys
0xF8896000 agp440.sys
0xF89D6000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF8119000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF8105000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8BF6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF80E1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8BFE000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7FD4000 \SystemRoot\System32\DRIVERS\BCMSM.sys
0xF7FB1000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8C06000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7F58000 \SystemRoot\system32\DRIVERS\RT61.sys
0xF7F34000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8C0E000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF89E6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8C16000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8C1E000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF89F6000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8D0A000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7F20000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8D64000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8C26000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF8A06000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8A16000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8A26000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7E92000 \SystemRoot\system32\drivers\smwdm.sys
0xF7E6E000 \SystemRoot\system32\drivers\portcls.sys
0xF8A36000 \SystemRoot\system32\drivers\drmk.sys
0xF8D66000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8A46000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8D16000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7E57000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF827A000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF826A000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8C2E000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7E46000 \SystemRoot\System32\DRIVERS\psched.sys
0xF825A000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8C36000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8C3E000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8ADE000 \SystemRoot\System32\DRIVERS\wanatw4.sys
0xF824A000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8D68000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7DE8000 \SystemRoot\System32\DRIVERS\update.sys
0xF8AE6000 \SystemRoot\System32\DRIVERS\omci.sys
0xF8D26000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7D9D000 \SystemRoot\system32\drivers\ATIRWVD.SYS
0xF1717000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF0F35000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8DA8000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF0E74000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF127E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8DB4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF3D37000 \SystemRoot\System32\Drivers\Null.SYS
0xF8DB6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF0E64000 \SystemRoot\system32\drivers\ssrtln.sys
0xF0E5C000 \SystemRoot\System32\drivers\vga.sys
0xF8DB8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8DBA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF0E54000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF0C0E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF127A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA27AD000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA2754000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA272D000 \SystemRoot\System32\Drivers\Mpfp.sys
0xA2707000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF0F15000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF0F05000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xA26DF000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA26BD000 \SystemRoot\System32\drivers\afd.sys
0xF0EF5000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA2692000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA2622000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xA25EF000 \SystemRoot\system32\drivers\mfehidk.sys
0xF0EC5000 \SystemRoot\System32\Drivers\Fips.SYS
0xA25DE000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF719D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF042D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF0469000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF081000 \SystemRoot\System32\ati3duag.dll
0xBF290000 \SystemRoot\System32\ativvaxx.dll
0xF821A000 \SystemRoot\system32\drivers\drvnddm.sys
0xF0D77000 \SystemRoot\system32\dla\tfsndres.sys
0xA25C9000 \SystemRoot\system32\dla\tfsnifs.sys
0xF15F0000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8DF4000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7101000 \SystemRoot\system32\dla\tfsnboio.sys
0xF81FA000 \SystemRoot\system32\dla\tfsncofs.sys
0xF0D76000 \SystemRoot\system32\dla\tfsndrct.sys
0xA25B1000 \SystemRoot\system32\dla\tfsnudf.sys
0xA2598000 \SystemRoot\system32\dla\tfsnudfa.sys
0xF48A5000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA247B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8D56000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA23AC000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1A1E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA1B7B000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0E94000 \SystemRoot\system32\drivers\mfebopk.sys
0xA17A0000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA170F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA1ADB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA186A000 \SystemRoot\system32\drivers\mfesmfk.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
612 C:\WINDOWS\SYSTEM32\smss.exe
708 csrss.exe
736 C:\WINDOWS\SYSTEM32\winlogon.exe
784 C:\WINDOWS\SYSTEM32\services.exe
796 C:\WINDOWS\SYSTEM32\lsass.exe
972 C:\WINDOWS\SYSTEM32\ati2evxx.exe
988 C:\WINDOWS\SYSTEM32\svchost.exe
1064 svchost.exe
1156 C:\WINDOWS\SYSTEM32\svchost.exe
1236 svchost.exe
1396 svchost.exe
1416 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1484 C:\WINDOWS\SYSTEM32\spoolsv.exe
1580 svchost.exe
1620 C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
1700 C:\Program Files\Java\jre6\bin\jqs.exe
1756 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
1804 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
1864 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1920 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2016 C:\Program Files\McAfee\MPF\MpfSrv.exe
224 C:\WINDOWS\SYSTEM32\svchost.exe
436 C:\WINDOWS\wanmpsvc.exe
592 C:\WINDOWS\SYSTEM32\svchost.exe
2124 C:\WINDOWS\SYSTEM32\wuauclt.exe
3052 C:\WINDOWS\SYSTEM32\ati2evxx.exe
3256 C:\WINDOWS\explorer.exe
3344 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
3748 UNSECAPP.EXE
3880 wmiprvse.exe
4024 alg.exe
2340 C:\WINDOWS\BCMSMMSG.exe
2440 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
2244 C:\Program Files\Dell\Media Experience\PCMService.exe
2472 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
2484 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
2552 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
2604 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2716 C:\Program Files\ATI Multimedia\main\atidtct.exe
2820 C:\Program Files\Java\jre6\bin\jusched.exe
2964 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
352 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
3316 C:\WINDOWS\SYSTEM32\ctfmon.exe
3640 C:\Program Files\MSI\Common\RaUI.exe
3964 C:\WINDOWS\SYSTEM32\rundll32.exe
264 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
1144 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2352 C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
152 C:\WINDOWS\SYSTEM32\svchost.exe
344 C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
3416 C:\Program Files\Internet Explorer\iexplore.exe
3044 C:\Program Files\Internet Explorer\iexplore.exe
2724 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2748 C:\Documents and Settings\Sarah Lamont\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y120M0, Rev: YAR51EW0

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x832E0EC5]<<
kernel: MBR read successfully
user & kernel MBR OK

Re: My internet is getting away from me!

Post by melboy » August 9th, 2010, 12:38 pm

Hi

Thanks for that.


TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
  • Next, double-click the tdsskiller folder on your desktop.
  • Double-click TDSSKiller.exe
  • Click Start scan and allow it to scan for Malicious objects.
  • If Malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue
  • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.0_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply

Re: My internet is getting away from me!

Post by seattle » August 9th, 2010, 10:09 pm

2010/08/09 18:52:35.0843 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/09 18:52:35.0843 ================================================================================
2010/08/09 18:52:35.0843 SystemInfo:
2010/08/09 18:52:35.0843
2010/08/09 18:52:35.0843 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/09 18:52:35.0843 Product type: Workstation
2010/08/09 18:52:35.0843 ComputerName: SARAH
2010/08/09 18:52:35.0843 UserName: Sarah Lamont
2010/08/09 18:52:35.0843 Windows directory: C:\WINDOWS
2010/08/09 18:52:35.0843 System windows directory: C:\WINDOWS
2010/08/09 18:52:35.0843 Processor architecture: Intel x86
2010/08/09 18:52:35.0843 Number of processors: 1
2010/08/09 18:52:35.0843 Page size: 0x1000
2010/08/09 18:52:35.0843 Boot type: Normal boot
2010/08/09 18:52:35.0843 ================================================================================
2010/08/09 18:52:36.0593 Initialize success
2010/08/09 18:52:41.0125 ================================================================================
2010/08/09 18:52:41.0125 Scan started
2010/08/09 18:52:41.0125 Mode: Manual;
2010/08/09 18:52:41.0125 ================================================================================
2010/08/09 18:52:44.0437 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/08/09 18:52:44.0609 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/09 18:52:44.0656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/09 18:52:44.0687 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/08/09 18:52:44.0828 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/09 18:52:44.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/09 18:52:45.0046 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/09 18:52:45.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/09 18:52:45.0312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/08/09 18:52:45.0343 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/08/09 18:52:45.0406 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/08/09 18:52:45.0562 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/08/09 18:52:45.0687 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/08/09 18:52:45.0890 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/08/09 18:52:46.0343 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/08/09 18:52:46.0437 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/08/09 18:52:46.0546 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/08/09 18:52:46.0687 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/08/09 18:52:46.0812 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/08/09 18:52:46.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/08/09 18:52:47.0140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/09 18:52:47.0234 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/09 18:52:47.0375 ATI Remote Wonder II (368be3db3a6b9621df51216d323cda23) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
2010/08/09 18:52:47.0625 ati2mtag (3729639e9dd14facf8b927240c5236de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/09 18:52:47.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/09 18:52:47.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/09 18:52:48.0093 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2010/08/09 18:52:48.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/09 18:52:48.0250 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/08/09 18:52:48.0265 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/08/09 18:52:48.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/08/09 18:52:48.0437 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/09 18:52:48.0546 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/08/09 18:52:48.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/09 18:52:48.0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/09 18:52:48.0953 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/09 18:52:49.0125 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/08/09 18:52:49.0203 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/08/09 18:52:49.0281 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/08/09 18:52:49.0328 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/08/09 18:52:49.0500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/09 18:52:49.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/09 18:52:49.0671 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/09 18:52:49.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/09 18:52:49.0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/09 18:52:49.0890 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/08/09 18:52:49.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/09 18:52:50.0015 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/08/09 18:52:50.0093 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/08/09 18:52:50.0140 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/09 18:52:50.0187 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/08/09 18:52:50.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/09 18:52:50.0687 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/09 18:52:50.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/09 18:52:50.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/09 18:52:50.0906 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/09 18:52:50.0937 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/09 18:52:50.0984 Ftdisk (180ba0b0d6c4086c561a0792c7944c33) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/09 18:52:50.0984 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 180ba0b0d6c4086c561a0792c7944c33, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/08/09 18:52:50.0984 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/09 18:52:51.0015 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/09 18:52:51.0093 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/08/09 18:52:51.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/09 18:52:51.0296 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/09 18:52:51.0343 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/08/09 18:52:51.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/09 18:52:51.0546 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/08/09 18:52:51.0593 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/08/09 18:52:51.0640 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/08/09 18:52:51.0687 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/08/09 18:52:51.0750 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/08/09 18:52:51.0796 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/08/09 18:52:51.0859 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/08/09 18:52:51.0890 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/08/09 18:52:51.0968 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/08/09 18:52:52.0015 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/08/09 18:52:52.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/09 18:53:03.0343 ================================================================================
2010/08/09 18:53:03.0343 Scan finished
2010/08/09 18:53:03.0343 ================================================================================
2010/08/09 18:53:03.0375 Detected object count: 1
2010/08/09 19:00:18.0750 Ftdisk (180ba0b0d6c4086c561a0792c7944c33) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/09 19:00:18.0750 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 180ba0b0d6c4086c561a0792c7944c33, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/08/09 19:00:25.0968 Backup copy found, using it..
2010/08/09 19:00:26.0640 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/08/09 19:00:26.0640 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2010/08/09 19:01:03.0234 Deinitialize success
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by melboy » August 10th, 2010, 12:30 pm

Hi seattle

Good job! That looks to have got it. The redirections should have stopped. Please let me know how the computer is running.


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.2
  • Install the new downloaded updated software.
  • Then, using the internal updater, update the software to the current increment 9.3.3.
    • Open Adobe Reader, go to Help > Check for updates, and allow the updater to check.
    • If updates are found, click Show Details and check the boxes, then click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u21-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 13
    Java(TM) SE Runtime Environment 6
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

    You should still have this on your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)



Check a file
  • Go to VirusTotal
    C:\WINDOWS\system32\drivers\iljjezlm.sys
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send file, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.




In your next reply:
  1. VirusTotal results
  2. MBAM log
  3. ESET online scan log
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: My internet is getting away from me!

Post by seattle » August 11th, 2010, 12:36 am

Thanks! Here's the info:

Antivirus Version Last Update Result
AhnLab-V3 2010.08.11.00 2010.08.10 -
AntiVir 8.2.4.34 2010.08.10 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.11 -
Avast 4.8.1351.0 2010.08.10 -
Avast5 5.0.332.0 2010.08.10 -
AVG 9.0.0.851 2010.08.10 -
BitDefender 7.2 2010.08.11 -
CAT-QuickHeal 11.00 2010.08.11 -
ClamAV 0.96.0.3-git 2010.08.11 -
Comodo 5708 2010.08.10 -
DrWeb 5.0.2.03300 2010.08.10 -
Emsisoft 5.0.0.37 2010.08.11 -
eSafe 7.0.17.0 2010.08.09 -
eTrust-Vet 36.1.7780 2010.08.11 -
F-Prot 4.6.1.107 2010.08.10 -
Fortinet 4.1.143.0 2010.08.10 -
GData 21 2010.08.11 -
Ikarus T3.1.1.87.0 2010.08.11 -
Jiangmin 13.0.900 2010.08.10 -
Kaspersky 7.0.0.125 2010.08.11 -
McAfee 5.400.0.1158 2010.08.11 -
McAfee-GW-Edition 2010.1 2010.08.11 Heuristic.LooksLike.Trojan.Patched.I
Microsoft 1.6004 2010.08.10 -
NOD32 5356 2010.08.10 -
Norman 6.05.11 2010.08.10 -
nProtect 2010-08-11.01 2010.08.11 -
Panda 10.0.2.7 2010.08.10 -
PCTools 7.0.3.5 2010.08.11 -
Rising 22.60.02.01 2010.08.11 -
Sophos 4.56.0 2010.08.11 -
Sunbelt 6716 2010.08.11 -
SUPERAntiSpyware 4.40.0.1006 2010.08.11 -
Symantec 20101.1.1.7 2010.08.11 -
TheHacker 6.5.2.1.342 2010.08.11 -
TrendMicro 9.120.0.1004 2010.08.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.11 -
VBA32 3.12.12.8 2010.08.10 -
ViRobot 2010.8.9.3978 2010.08.11 -
VirusBuster 5.0.27.0 2010.08.10 -
Additional information
MD5 : 6ac26732762483366c3969c9e4d2259d
SHA1 : 12b8db7b23bf05c46bce7640b0714bf682b7c2a4
SHA256: ff2c9a23cc17f380093f0bea955b1925794271c2fea16b9b7639668e6999bae3


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/10/2010 8:25:59 PM
mbam-log-2010-08-10 (20-25-59).txt

Scan type: Quick scan
Objects scanned: 135698
Time elapsed: 15 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=eed430b52d6d594d9cb3cfa0412a17e6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-11 04:29:32
# local_time=2010-08-10 09:29:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776613 100 96 673139 34338331 0 0
# compatibility_mode=5892 16776574 100 100 111374706 137667283 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=68126
# found=8
# cleaned=0
# scan_time=2967
C:\Program Files\AIM\aim95.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Program Files\AWS\WeatherBug\WeatherBugInstall.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
C:\Program Files\AWS\WeatherBug\WxBugAutoUpgradeChoiceSAb1.0.0.7.EXE a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
C:\Program Files\AWS\WeatherBug\WxBugAutoUpgradeChoiceSAb1.0.0.8.EXE a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0007332.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\stutv.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\stutv.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\stutv.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by melboy » August 11th, 2010, 3:45 pm

Hi

Good - A few things to clear up and then we should be just about done.


How are things running?


Uninstall Programs
  • Click on Start
  • Click on Control Panel
  • Double-click the Add/Remove Programs icon
  • Click on the first program below and click Remove
WeatherBug


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected (System registry & Current user registry).
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.



OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Services
    wff
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :Files
    C:\WINDOWS\system32\KBUITPIN.dll
    C:\WINDOWS\SYSTEM32\stutv.bak1 
    C:\WINDOWS\SYSTEM32\stutv.bak2 
    C:\WINDOWS\SYSTEM32\stutv.ini 
    C:\WINDOWS\system32\drivers\iljjezlm.sys
    C:\WINDOWS\System32\drivers\wff.sys 
    C:\Program Files\AWS
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    After reboot by OTM:


    Re-run - RSIT (Random's System Information Tool)

    You should still have this program on your desktop.

    • Double click on RSIT.exe to run it.
    • Click Continue at the disclaimer screen.
      RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
    • Please post ONLY the "log.txt" file contents in your next reply.




    In your next reply:
    1. RSIT log.txt
    2. OTM log
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: My internet is getting away from me!

Post by seattle » August 13th, 2010, 12:08 pm

Hi! Thank you for your patience with me. My browser is no longer being redirected, so that's great! I did have a hard time getting the list of programs to uninstall to populate when trying to remove WeatherBug. It took several tries and reboots, but it finally worked, and once the list was up, removing it went fine.

Here are the files:


All processes killed
========== SERVICES/DRIVERS ==========
Service wff stopped successfully!
Service wff deleted successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\KBUITPIN.dll not found.
C:\WINDOWS\SYSTEM32\stutv.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\stutv.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\stutv.ini moved successfully.
C:\WINDOWS\system32\drivers\iljjezlm.sys moved successfully.
File/Folder C:\WINDOWS\System32\drivers\wff.sys not found.
C:\Program Files\AWS folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1398 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Sarah Lamont
->Temp folder emptied: 2921068 bytes
->Temporary Internet Files folder emptied: 27270163 bytes
->Java cache emptied: 156 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24557 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08132010_085127

Files moved on Reboot...
File C:\Documents and Settings\Sarah Lamont\Local Settings\Temp\~DFCB55.tmp not found!
File C:\Documents and Settings\Sarah Lamont\Local Settings\Temp\~DFCB66.tmp not found!
File C:\Documents and Settings\Sarah Lamont\Local Settings\Temp\~DFCD29.tmp not found!
File C:\Documents and Settings\Sarah Lamont\Local Settings\Temp\~DFCD91.tmp not found!
C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\Content.IE5\79XSWTZ0\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Sarah Lamont\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\Documents and Settings\Sarah Lamont\Application Data\Sun\Java\Deployment\cache\6.0\49\3c63e7f1-5ebc1430.idx not found!
File C:\WINDOWS\temp\mcu3C.tmp\UpdReq.mcaf not found!
File C:\WINDOWS\temp\mcmsc_9r2B7jx1bEW2vJv not found!

Registry entries deleted on Reboot...


Logfile of random's system information tool 1.08 (written by random/random)
Run by Sarah Lamont at 2010-08-13 09:04:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 99 GB (86%) free of 114 GB
Total RAM: 511 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:08 AM, on 8/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sarah Lamont\Desktop\RSIT.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\trend micro\Sarah Lamont.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {466FE5FE-9B04-4BD8-9993-C4FBDAEB7122} (JMWiseCam Control) - http://74.168.102.22/JMWiseCam.cab
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} (Snapfish Activia3) - http://www1.snapfish.com/SnapfishActivia3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6314801000
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} (Image Uploader Control) - http://community.weightwatchers.com/Scr ... oader6.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 12557 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2006-07-28 120312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-06 53248]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-02-18 77824]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-06 118784]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-04-03 777424]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-10 339968]
""= []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2004-06-15 69705]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-03 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe [2004-06-15 106571]
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [2004-04-16 196608]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2004-01-16 733184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe

C:\Documents and Settings\Sarah Lamont\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-07-10 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\fxsclnt.exe"="C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-08-13 08:51:27 ----D---- C:\_OTM
2010-08-13 08:47:37 ----D---- C:\WINDOWS\ERDNT
2010-08-13 08:47:18 ----D---- C:\Program Files\ERUNT
2010-08-13 03:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 03:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 03:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 03:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 03:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 19:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-10 19:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-08-10 19:39:32 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 19:39:32 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 19:39:32 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 19:39:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-08-09 18:52:35 ----A---- C:\TDSSKiller.2.4.1.0_09.08.2010_18.52.35_log.txt
2010-08-09 06:43:37 ----A---- C:\mbr.exe
2010-08-07 14:35:43 ----ASH---- C:\hiberfil.sys
2010-08-06 18:14:34 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-06 17:50:37 ----D---- C:\rsit
2010-08-06 17:31:02 ----D---- C:\Documents and Settings\Sarah Lamont\Application Data\Malwarebytes
2010-08-06 17:30:25 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-06 17:30:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-06 17:30:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-06 17:30:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-06 17:05:53 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2010-08-01 19:38:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-08-01 16:40:02 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-08-01 16:39:43 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-08-01 16:02:30 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-01 16:01:10 ----D---- C:\Program Files\Lavasoft
2010-08-01 16:01:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-01 15:42:48 ----D---- C:\security
2010-07-17 14:01:58 ----D---- C:\Program Files\Trend Micro
2010-07-16 07:40:35 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-07-16 03:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-08-13 09:05:41 ----D---- C:\WINDOWS\Temp
2010-08-13 09:04:03 ----D---- C:\WINDOWS\Prefetch
2010-08-13 09:03:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-13 09:03:51 ----SD---- C:\WINDOWS\Tasks
2010-08-13 09:00:19 ----D---- C:\Documents and Settings\Sarah Lamont\Application Data\OpenOffice.org2
2010-08-13 08:56:05 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2010-08-13 08:54:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-13 08:51:41 ----RD---- C:\Program Files
2010-08-13 08:51:41 ----D---- C:\WINDOWS\system32\DRIVERS
2010-08-13 08:51:41 ----D---- C:\WINDOWS\SYSTEM32
2010-08-13 08:47:37 ----D---- C:\WINDOWS
2010-08-13 03:25:23 ----D---- C:\Program Files\Internet Explorer
2010-08-13 03:08:34 ----HD---- C:\WINDOWS\INF
2010-08-13 03:08:33 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-08-13 03:08:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 03:08:26 ----A---- C:\WINDOWS\imsins.BAK
2010-08-13 03:07:26 ----D---- C:\WINDOWS\ie8updates
2010-08-13 03:02:19 ----D---- C:\Program Files\Movie Maker
2010-08-10 20:33:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-10 19:44:35 ----D---- C:\Config.Msi
2010-08-10 19:40:05 ----SHD---- C:\WINDOWS\Installer
2010-08-10 19:40:03 ----D---- C:\Program Files\Common Files\Java
2010-08-10 19:38:59 ----D---- C:\Program Files\Java
2010-08-10 18:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-10 17:58:47 ----D---- C:\Program Files\Common Files\Adobe
2010-08-10 17:58:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-10 17:54:37 ----D---- C:\Program Files\Adobe
2010-08-10 17:54:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-08-08 14:44:16 ----D---- C:\WINDOWS\system32\FxsTmp
2010-08-07 13:57:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-06 17:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-08-03 11:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-01 16:40:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-01 16:00:59 ----D---- C:\WINDOWS\WinSxS
2010-07-26 23:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 06:29:04 ----D---- C:\Program Files\McAfee
2010-07-23 05:23:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-16 03:05:09 ----A---- C:\WINDOWS\system32\MRT.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2003-07-31 84576]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2010-07-15 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-10 20747]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-07-10 747008]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2007-02-17 28256]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S0 rseb;rseb; C:\WINDOWS\system32\drivers\rseb.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-07-10 385024]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-10 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-11 1355416]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-06-10 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2004-07-10 516096]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe []
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by melboy » August 13th, 2010, 8:47 pm

Hi


I notice you use Ad-Aware. Please be informed that the latest versions of Ad-Aware now have anti-virus protection included. It is not recommended to have more than one anti-virus installed on a system; doing so not only does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and can cause crashes!

You can turn off the anti-virus engine as follows:
  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware

------------------------------------

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are. If not, please continue with the instructions below.


OTM by OldTimer

You should still have this on your Desktop.

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

If not already deleted, you can delete RKUnhookerLE.EXE & its associated log file(s) and also MBRcheck.exe & its associated log file(s)


----------------------------------------------------------------


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


Clear Infected System Restore Points

  • Turn System Restore off
      • On the Desktop, right-click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    Restart your computer
  • Turn System Restore on
      • On the Desktop, right-click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore on all drives.
      • Click Apply
      • Click each drive in turn where system restore is not required and click Settings
        Note: System restore is only needed on drives with an operating system installed
      • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: My internet is getting away from me!

Post by seattle » August 13th, 2010, 9:21 pm

Thank you!! I will follow the steps in your last post. I appreciate SO MUCH the time you've taken to help me. You're the best!
seattle
Regular Member
 
Posts: 19
Joined: August 3rd, 2010, 11:37 pm

Re: My internet is getting away from me!

Post by melboy » August 14th, 2010, 6:13 am

You're most welcome! :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: My internet is getting away from me!

Post by Dakeyras » August 14th, 2010, 6:57 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra