can't update antivirus, run spybot, malwarebytes & links re-directed



drenda
2009-03-29, 16:13
I wasn't paying attention the other night and downloaded some junk codec file. :( Now I am having the problems mentioned in my title. I run PC Tools AntiVirus as I can't get AVG to install on my Vista laptop. Spybot does nothing when I click it and Malwarebytes does the same thing. All search links are re-directed also. I ran SmitfraudFix, before I found this forum, and it didn't help. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:48, on 3/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\drenda\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{16494FCD-8D3E-4D30-9B76-AB009146E634}: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77D9A6C-272C-43D2-91A4-3491D83B29CE}: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{16494FCD-8D3E-4D30-9B76-AB009146E634}: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\..\{16494FCD-8D3E-4D30-9B76-AB009146E634}: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c37a28b2c239) (gupdate1c8c37a28b2c239) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12060 bytes

Shaba
2009-03-31, 17:05
Hi drenda

Please try to rename the Malwarebytes executable and let me know if it works now.

drenda
2009-04-01, 06:53
Sorry to take so long to reply. I was antsy as I have dealt with this for a week now and I spent most of the day in safe mode. I was able to get Malwarebytes to update and run as well as Spybot, PC Tools AntiVirus and PC Tools Spyware Doctor. I THINK I may be clean now but I haven't rebooted and rescanned. I do have the log from Malwarebytes with the things it found and removed. A second scan came up clean.
Below are the logs.

Malwarebytes' Anti-Malware 1.35
Database version: 1924
Windows 6.0.6001 Service Pack 1

3/31/2009 11:13:57 AM
mbam-log-2009-03-31 (11-13-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243138
Time elapsed: 48 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\drenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\HDExtrem\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDExtrem\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-9-2-45-100015448-100020633-100001229-4820.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:50 PM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\drenda\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c37a28b2c239) (gupdate1c8c37a28b2c239) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13372 bytes

drenda
2009-04-01, 07:06
I also have a 'file' from Spyware Doctor. It saves as an HTML file so I don't know how readable this will be. It will have to be in a few parts as it's large.

PC Tools Spyware Doctor

Date

Status
3/31/2009 9:45:24 AM:482
Service Started
Spyware Doctor Service Application started
3/31/2009 9:45:24 AM:484
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 9:45:24 AM:510
Anti-Malware Engine
Anti-Malware detection engine was disabled
3/31/2009 9:46:02 AM:361
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 9:46:21 AM:852
Immunizer Results
ActiveX section has been immunized, Processed 3345 items.
3/31/2009 9:52:14 AM:176
IntelliGuards status
All IntelliGuards were Deactivated for 15min
3/31/2009 9:52:15 AM:11
Immunizer Results
The ActiveX section has been Unimmunized, Processed 3345 items.
3/31/2009 9:52:16 AM:142
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 9:52:20 AM:407
Scan Started
Scan Type - Intelli-Scan
3/31/2009 9:52:21 AM:586
Immunizer Results
ActiveX section has been immunized, Processed 3345 items.
3/31/2009 9:52:52 AM:885
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 9:52:52 AM:886
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 9:52:52 AM:907
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 9:52:52 AM:911
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:52:52 AM:912
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:52:52 AM:917
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - azjmp.com/ azjmp.com
3/31/2009 9:52:52 AM:978
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:52:52 AM:978
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:52:52 AM:978
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:52:54 AM:309
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ads.belointeractive.com/ ads.belointeractive.com
3/31/2009 9:52:54 AM:523
Infection was detected on this computer
Threat Name - Adware.Powersearch_Toolbar
Type - Cookie
Risk Level - Medium
Infection - aptimus.com/ aptimus.com
3/31/2009 9:52:54 AM:565
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 9:52:54 AM:580
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:52:54 AM:602
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - azjmp.com/ azjmp.com
3/31/2009 9:52:54 AM:685
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - belointeractive.com/ belointeractive.com
3/31/2009 9:52:54 AM:708
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - bluestreak.com/ bluestreak.com
3/31/2009 9:52:54 AM:796
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - burstnet.com/ burstnet.com
3/31/2009 9:52:55 AM:119
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - com.com/ com.com
3/31/2009 9:52:55 AM:616
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - dotomi.com/ dotomi.com
3/31/2009 9:52:56 AM:87
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - homestore.com/ homestore.com
3/31/2009 9:52:56 AM:146
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com
3/31/2009 9:52:56 AM:146
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com
3/31/2009 9:52:56 AM:190
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - imrworldwide.com/ imrworldwide.com
3/31/2009 9:52:56 AM:974
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - nebuad.adjuggler.com/ nebuad.adjuggler.com
3/31/2009 9:52:56 AM:974
Infection was detected on this computer
Threat Name - Adware.Powersearch_Toolbar
Type - Cookie
Risk Level - Medium
Infection - network.aptimus.com/ network.aptimus.com
3/31/2009 9:52:57 AM:17
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - nextag.com/ nextag.com
3/31/2009 9:52:57 AM:100
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - otxresearch.com/ otxresearch.com
3/31/2009 9:52:57 AM:283
Infection was detected on this computer
Threat Name - Adware.Comet_Cursor
Type - Cookie
Risk Level - Low
Infection - popularscreensavers.com/ popularscreensavers.com
3/31/2009 9:52:57 AM:316
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - pricegrabber.com/ pricegrabber.com
3/31/2009 9:52:57 AM:893
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:52:57 AM:894
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:52:57 AM:894
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:52:58 AM:279
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - survey.otxresearch.com/ survey.otxresearch.com
3/31/2009 9:52:59 AM:271
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.burstbeacon.com/ www.burstbeacon.com
3/31/2009 9:52:59 AM:808
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pricegrabber.com/ www.pricegrabber.com
3/31/2009 9:53:00 AM:354
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - yadro.ru/ yadro.ru
3/31/2009 9:53:03 AM:327
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/ : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlebates.com
3/31/2009 9:53:03 AM:826
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/home.go : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlEbates - Coupons Discounts plus Rebates, Online Shopping at over 600 stores
3/31/2009 9:56:11 AM:413
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 141441
Threats Detected - 5
Infections Detected - 38
Infections Ignored - 0
3/31/2009 9:57:34 AM:863
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - yadro.ru/ yadro.ru
3/31/2009 9:57:34 AM:865
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pricegrabber.com/ www.pricegrabber.com
3/31/2009 9:57:34 AM:868
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.burstbeacon.com/ www.burstbeacon.com
3/31/2009 9:57:34 AM:870
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:57:34 AM:872
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:57:34 AM:874
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - sales.liveperson.net/ sales.liveperson.net
3/31/2009 9:57:34 AM:876
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - pricegrabber.com/ pricegrabber.com
3/31/2009 9:57:34 AM:878
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - otxresearch.com/ otxresearch.com
3/31/2009 9:57:34 AM:880
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - imrworldwide.com/ imrworldwide.com
3/31/2009 9:57:34 AM:881
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com
3/31/2009 9:57:34 AM:883
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ic-live.com/ ic-live.com
3/31/2009 9:57:34 AM:885
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - homestore.com/ homestore.com
3/31/2009 9:57:34 AM:887
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - bluestreak.com/ bluestreak.com
3/31/2009 9:57:34 AM:889
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - belointeractive.com/ belointeractive.com
3/31/2009 9:57:34 AM:890
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:57:34 AM:892
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 9:57:34 AM:893
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ads.belointeractive.com/ ads.belointeractive.com
3/31/2009 9:57:34 AM:895
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:57:34 AM:897
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:57:34 AM:898
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 9:57:34 AM:900
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:57:34 AM:901
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 9:57:34 AM:903
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 9:57:34 AM:904
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 9:57:34 AM:906
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 9:57:35 AM:32
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - nextag.com/ nextag.com
3/31/2009 9:57:35 AM:34
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - nebuad.adjuggler.com/ nebuad.adjuggler.com
3/31/2009 9:57:35 AM:35
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - dotomi.com/ dotomi.com
3/31/2009 9:57:35 AM:37
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - com.com/ com.com
3/31/2009 9:57:35 AM:39
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - burstnet.com/ burstnet.com
3/31/2009 9:57:35 AM:40
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - azjmp.com/ azjmp.com
3/31/2009 9:57:35 AM:42
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - azjmp.com/ azjmp.com
3/31/2009 9:57:35 AM:150
Infection cleaned
Threat Name - Adware.Powersearch_Toolbar
Type - Cookie
Risk Level - Medium
Infection - network.aptimus.com/ network.aptimus.com
3/31/2009 9:57:35 AM:151
Infection cleaned
Threat Name - Adware.Powersearch_Toolbar
Type - Cookie
Risk Level - Medium
Infection - aptimus.com/ aptimus.com
3/31/2009 9:57:35 AM:437
Infection cleaned
Threat Name - Adware.Comet_Cursor
Type - Cookie
Risk Level - Low
Infection - popularscreensavers.com/ popularscreensavers.com
3/31/2009 9:57:35 AM:547
Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/home.go : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlEbates - Coupons Discounts plus Rebates, Online Shopping at over 600 stores
3/31/2009 9:57:35 AM:547
Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/ : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlebates.com
3/31/2009 9:57:35 AM:705
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/home.go : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlEbates - Coupons Discounts plus Rebates, Online Shopping at over 600 stores
3/31/2009 9:57:35 AM:730
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - http://www.ebates.com/ : C:\Users\drenda\AppData\Roaming\Mozilla\Firefox\Profiles\ywnk0shs.default\bookmarks.htmlebates.com
3/31/2009 9:57:35 AM:731
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - survey.otxresearch.com/ survey.otxresearch.com
3/31/2009 9:57:37 AM:843
Infections Quarantined/Removed Summary
Quarantined - 2
Quarantine Failed - 0
Removed - 38
Remove Failed - 0
3/31/2009 10:01:45 AM:423
Service Stopped
Spyware Doctor Service Application Stopped
3/31/2009 10:02:50 AM:31
Service Started
Spyware Doctor Service Application started
3/31/2009 10:02:50 AM:32
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 10:02:50 AM:40
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 10:02:54 AM:398
Immunizer Results
ActiveX section has been immunized, Processed 339 items.
3/31/2009 10:02:55 AM:890
Scan Started
Scan Type - Intelli-Scan
3/31/2009 10:03:38 AM:140
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HumanClickID sales.liveperson.net
3/31/2009 10:03:38 AM:722
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi trb.com
3/31/2009 10:03:40 AM:933
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HSID homestore.com
3/31/2009 10:03:43 AM:314
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - V5 imrworldwide.com
3/31/2009 10:03:43 AM:315
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - IMRID imrworldwide.com
3/31/2009 10:03:45 AM:403
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiUser dotomi.com
3/31/2009 10:03:45 AM:403
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiNet dotomi.com
3/31/2009 10:03:46 AM:485
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - directtrack_contextual_cash4creatives_9362 login.tracking101.com
3/31/2009 10:03:52 AM:633
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VID yadro.ru
3/31/2009 10:03:53 AM:409
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ngx_userid ic-live.com
3/31/2009 10:03:53 AM:410
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - pid2 ic-live.com
3/31/2009 10:03:53 AM:410
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cvt318 ic-live.com
3/31/2009 10:03:54 AM:97
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - AZTD azjmp.com
3/31/2009 10:03:54 AM:97
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - OAID azjmp.com
3/31/2009 10:03:54 AM:98
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - 4779_long_tracker azjmp.com
3/31/2009 10:03:54 AM:349
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - didguid did-it.com
3/31/2009 10:03:54 AM:349
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - x_ncookie_tlog did-it.com
3/31/2009 10:03:54 AM:349
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - x_didit_sid did-it.com
3/31/2009 10:03:54 AM:671
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cvt268 ic-live.com
3/31/2009 10:03:54 AM:694
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnonecare.112.2o7.net
3/31/2009 10:03:54 AM:919
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vnum experts-exchange.com
3/31/2009 10:03:54 AM:920
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_nr experts-exchange.com
3/31/2009 10:03:54 AM:920
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_lastvisit experts-exchange.com
3/31/2009 10:03:54 AM:920
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - EECC_0 experts-exchange.com
3/31/2009 10:03:54 AM:921
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DLC experts-exchange.com
3/31/2009 10:03:54 AM:921
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - REFERRER experts-exchange.com
3/31/2009 10:03:54 AM:921
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi experts-exchange.com
3/31/2009 10:03:54 AM:921
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - WPIDB experts-exchange.com
3/31/2009 10:03:55 AM:59
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_nmnuoibxxix7Eom 2o7.net
3/31/2009 10:03:55 AM:379
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi bonneville.112.2o7.net
3/31/2009 10:03:55 AM:573
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - U serving-sys.com
3/31/2009 10:03:55 AM:637
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi foxinteractivemedia.122.2o7.net
3/31/2009 10:03:55 AM:727
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnbc.112.2o7.net
3/31/2009 10:03:55 AM:909
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - NCPID ncp.imrworldwide.com
3/31/2009 10:03:56 AM:156
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - SurferID 7search.com
3/31/2009 10:03:56 AM:157
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - Conversion 7search.com
3/31/2009 10:03:56 AM:392
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VisitorInfo stopzilla.com
3/31/2009 10:03:56 AM:404
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - Conversion www.stopzilla.com
3/31/2009 10:03:56 AM:405
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utma stopzilla.com
3/31/2009 10:03:56 AM:405
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmz stopzilla.com
3/31/2009 10:03:56 AM:457
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickID server.iad.liveperson.net
3/31/2009 10:03:56 AM:529
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi kaspersky.122.2o7.net
3/31/2009 10:03:56 AM:731
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi cadburyschweppesamericas.112.2o7.net
3/31/2009 10:03:56 AM:779
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi brighthouse.122.2o7.net
3/31/2009 10:03:56 AM:832
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnportal.112.2o7.net
3/31/2009 10:03:56 AM:840
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi warnerbros.112.2o7.net
3/31/2009 10:03:56 AM:864
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi microsoftwindows.112.2o7.net
3/31/2009 10:03:56 AM:874
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE m.webtrends.com
3/31/2009 10:03:56 AM:886
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi avgtechnologies.112.2o7.net
3/31/2009 10:03:57 AM:551
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiRR2137 dotomi.com
3/31/2009 10:03:57 AM:625
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_kx7Cmx7Cix7Eacax3Dx3E5 2o7.net
3/31/2009 10:03:57 AM:625
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_nyhylx7B8x3C8 2o7.net
3/31/2009 10:03:57 AM:637
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_jcyonx7Eyjabola 2o7.net
3/31/2009 10:03:58 AM:94
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - idrxvr xiti.com
3/31/2009 10:03:58 AM:479
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - _12451_visitFlag www.w3counter.com
3/31/2009 10:04:11 AM:265
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, avp.exe
3/31/2009 10:04:11 AM:267
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, klif.sys
3/31/2009 10:04:11 AM:268
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mrt.exe
3/31/2009 10:04:11 AM:270
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, spybotsd.exe
3/31/2009 10:04:11 AM:271
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasdifsv.sys
3/31/2009 10:04:11 AM:272
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, saskutil.sys
3/31/2009 10:04:11 AM:274
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasenum.sys
3/31/2009 10:04:11 AM:276
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, superantispyware.exe
3/31/2009 10:04:11 AM:277
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szkg.sys
3/31/2009 10:04:11 AM:278
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szserver.exe
3/31/2009 10:04:11 AM:280
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbam.exe
3/31/2009 10:04:11 AM:281
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbamswissarmy.sys
3/31/2009 10:04:11 AM:283
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctssvc.sys
3/31/2009 10:04:11 AM:284
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctcore.sys
3/31/2009 10:04:11 AM:285
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mchinjdrv.sys
3/31/2009 10:04:11 AM:286
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed
3/31/2009 10:04:11 AM:287
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx
3/31/2009 10:04:17 AM:806
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:04:17 AM:808
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:04:17 AM:810
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:04:20 AM:671
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID, (Default)
3/31/2009 10:04:20 AM:671
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID
3/31/2009 10:04:20 AM:672
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow
3/31/2009 10:06:00 AM:148
Infection was detected on this computer
Threat Name - Trojan-PWS.Bancos.PWN
Type - File
Risk Level - Medium
Infection - C:\Windows\SYSTEM32\drivers\ziqbvkb.sys
3/31/2009 10:06:00 AM:149
Infection was detected on this computer
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:06:00 AM:150
Infection was detected on this computer
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:07:00 AM:236
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 152737
Threats Detected - 5
Infections Detected - 81
Infections Ignored - 0
3/31/2009 10:08:28 AM:452
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - _12451_visitFlag www.w3counter.com
3/31/2009 10:08:28 AM:554
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - idrxvr xiti.com
3/31/2009 10:08:28 AM:735
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_jcyonx7Eyjabola 2o7.net
3/31/2009 10:08:28 AM:752
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_nyhylx7B8x3C8 2o7.net
3/31/2009 10:08:28 AM:769
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_kx7Cmx7Cix7Eacax3Dx3E5 2o7.net
3/31/2009 10:08:28 AM:784
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi avgtechnologies.112.2o7.net
3/31/2009 10:08:28 AM:912
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE m.webtrends.com
3/31/2009 10:08:28 AM:927
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi microsoftwindows.112.2o7.net
3/31/2009 10:08:28 AM:944
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi warnerbros.112.2o7.net
3/31/2009 10:08:28 AM:960
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnportal.112.2o7.net
3/31/2009 10:08:28 AM:976
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi brighthouse.122.2o7.net
3/31/2009 10:08:28 AM:992
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi cadburyschweppesamericas.112.2o7.net
3/31/2009 10:08:29 AM:9
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi kaspersky.122.2o7.net
3/31/2009 10:08:29 AM:231
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmz stopzilla.com
3/31/2009 10:08:29 AM:249
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utma stopzilla.com
3/31/2009 10:08:29 AM:267
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - Conversion www.stopzilla.com
3/31/2009 10:08:29 AM:284
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VisitorInfo stopzilla.com
3/31/2009 10:08:29 AM:423
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - NCPID ncp.imrworldwide.com
3/31/2009 10:08:29 AM:441
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnbc.112.2o7.net
3/31/2009 10:08:29 AM:469
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi foxinteractivemedia.122.2o7.net
3/31/2009 10:08:29 AM:591
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - U serving-sys.com
3/31/2009 10:08:29 AM:607
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi bonneville.112.2o7.net
3/31/2009 10:08:29 AM:622
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_nmnuoibxxix7Eom 2o7.net
3/31/2009 10:08:29 AM:752
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - WPIDB experts-exchange.com
3/31/2009 10:08:29 AM:767
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi experts-exchange.com
3/31/2009 10:08:29 AM:783
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - REFERRER experts-exchange.com
3/31/2009 10:08:29 AM:799
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DLC experts-exchange.com
3/31/2009 10:08:29 AM:814
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - EECC_0 experts-exchange.com
3/31/2009 10:08:29 AM:829
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_lastvisit experts-exchange.com
3/31/2009 10:08:29 AM:846
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_nr experts-exchange.com
3/31/2009 10:08:29 AM:863
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vnum experts-exchange.com
3/31/2009 10:08:29 AM:879
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi msnonecare.112.2o7.net
3/31/2009 10:08:30 AM:24
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cvt268 ic-live.com
3/31/2009 10:08:30 AM:192
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - x_didit_sid did-it.com
3/31/2009 10:08:30 AM:208
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - x_ncookie_tlog did-it.com
3/31/2009 10:08:30 AM:224
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - didguid did-it.com
3/31/2009 10:08:30 AM:245
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cvt318 ic-live.com
3/31/2009 10:08:30 AM:262
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - pid2 ic-live.com
3/31/2009 10:08:30 AM:278
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ngx_userid ic-live.com
3/31/2009 10:08:30 AM:459
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VID yadro.ru
3/31/2009 10:08:30 AM:568
Infection cleaned

drenda
2009-04-01, 07:06
Part 2

Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - IMRID imrworldwide.com
3/31/2009 10:08:30 AM:586
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - V5 imrworldwide.com
3/31/2009 10:08:30 AM:703
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HSID homestore.com
3/31/2009 10:08:30 AM:826
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi trb.com
3/31/2009 10:08:30 AM:960
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - HumanClickID sales.liveperson.net
3/31/2009 10:08:31 AM:263
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiRR2137 dotomi.com
3/31/2009 10:08:31 AM:423
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HumanClickID server.iad.liveperson.net
3/31/2009 10:08:31 AM:582
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - 4779_long_tracker azjmp.com
3/31/2009 10:08:31 AM:598
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - OAID azjmp.com
3/31/2009 10:08:31 AM:615
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - AZTD azjmp.com
3/31/2009 10:08:31 AM:749
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - directtrack_contextual_cash4creatives_9362 login.tracking101.com
3/31/2009 10:08:31 AM:765
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiNet dotomi.com
3/31/2009 10:08:31 AM:787
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - DotomiUser dotomi.com
3/31/2009 10:08:32 AM:24
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - Conversion 7search.com
3/31/2009 10:08:32 AM:41
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - SurferID 7search.com
3/31/2009 10:08:32 AM:165
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow
3/31/2009 10:08:32 AM:171
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID
3/31/2009 10:08:32 AM:186
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID, (Default)
3/31/2009 10:08:32 AM:194
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:202
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:209
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:216
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx
3/31/2009 10:08:32 AM:221
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed
3/31/2009 10:08:32 AM:227
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mchinjdrv.sys
3/31/2009 10:08:32 AM:232
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctcore.sys
3/31/2009 10:08:32 AM:238
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctssvc.sys
3/31/2009 10:08:32 AM:243
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbamswissarmy.sys
3/31/2009 10:08:32 AM:248
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbam.exe
3/31/2009 10:08:32 AM:256
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szserver.exe
3/31/2009 10:08:32 AM:263
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szkg.sys
3/31/2009 10:08:32 AM:269
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, superantispyware.exe
3/31/2009 10:08:32 AM:275
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasenum.sys
3/31/2009 10:08:32 AM:281
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, saskutil.sys
3/31/2009 10:08:32 AM:287
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasdifsv.sys
3/31/2009 10:08:32 AM:293
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, spybotsd.exe
3/31/2009 10:08:32 AM:300
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mrt.exe
3/31/2009 10:08:32 AM:306
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, klif.sys
3/31/2009 10:08:32 AM:312
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, avp.exe
3/31/2009 10:08:32 AM:477
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow
3/31/2009 10:08:32 AM:478
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID
3/31/2009 10:08:32 AM:478
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_CLASSES_ROOT\videoshow\CLSID, (Default)
3/31/2009 10:08:32 AM:479
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:480
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:481
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 10:08:32 AM:482
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx
3/31/2009 10:08:32 AM:483
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed
3/31/2009 10:08:32 AM:483
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mchinjdrv.sys
3/31/2009 10:08:32 AM:483
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctcore.sys
3/31/2009 10:08:32 AM:483
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, pctssvc.sys
3/31/2009 10:08:32 AM:483
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbamswissarmy.sys
3/31/2009 10:08:32 AM:485
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mbam.exe
3/31/2009 10:08:32 AM:485
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szserver.exe
3/31/2009 10:08:32 AM:485
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, szkg.sys
3/31/2009 10:08:32 AM:486
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, superantispyware.exe
3/31/2009 10:08:32 AM:486
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasenum.sys
3/31/2009 10:08:32 AM:486
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, saskutil.sys
3/31/2009 10:08:32 AM:486
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, sasdifsv.sys
3/31/2009 10:08:32 AM:486
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, spybotsd.exe
3/31/2009 10:08:32 AM:487
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, mrt.exe
3/31/2009 10:08:32 AM:487
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, klif.sys
3/31/2009 10:08:32 AM:487
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx\disallowed, avp.exe
3/31/2009 10:08:32 AM:581
Infection quarantined
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:08:32 AM:594
Infection quarantined
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:08:32 AM:616
Infection quarantined
Threat Name - Trojan-PWS.Bancos.PWN
Type - File
Risk Level - Medium
Infection - C:\Windows\SYSTEM32\drivers\ziqbvkb.sys
3/31/2009 10:08:32 AM:689
Infection cleaned
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:08:32 AM:690
Infection cleaned
Threat Name - Trojan-PWS.Bancos.PWN
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqrvhhka, ImagePath = system32\drivers\ziqbvkb.sys
3/31/2009 10:08:32 AM:691
Infection cleaned
Threat Name - Trojan-PWS.Bancos.PWN
Type - File
Risk Level - Medium
Infection - C:\Windows\SYSTEM32\drivers\ziqbvkb.sys
3/31/2009 10:08:34 AM:911
Infections Quarantined/Removed Summary
Quarantined - 26
Quarantine Failed - 0
Removed - 81
Remove Failed - 0
3/31/2009 10:10:25 AM:183
Service Stopped
Spyware Doctor Service Application Stopped
3/31/2009 10:12:24 AM:47
Service Started
Spyware Doctor Service Application started
3/31/2009 10:12:24 AM:48
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 10:12:33 AM:940
Scan Started
Scan Type - Intelli-Scan
3/31/2009 10:12:33 AM:940
Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
3/31/2009 10:13:48 AM:771
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 0
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
3/31/2009 10:36:37 AM:835
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 11:15:14 AM:284
Service Stopped
Spyware Doctor Service Application Stopped
3/31/2009 11:17:05 AM:884
Service Started
Spyware Doctor Service Application started
3/31/2009 11:17:05 AM:884
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 11:17:05 AM:954
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 11:17:06 AM:304
Immunizer Results
ActiveX section has been immunized. No items were processed.
3/31/2009 11:17:38 AM:614
Scan Started
Scan Type - Intelli-Scan
3/31/2009 11:17:38 AM:614
Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
3/31/2009 11:20:20 AM:826
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.ebates.com
3/31/2009 11:20:21 AM:461
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.angelfire.com
3/31/2009 11:20:24 AM:909
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pcstats.com
3/31/2009 11:20:30 AM:138
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.tracking101.com
3/31/2009 11:20:33 AM:380
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - x.azjmp.com
3/31/2009 11:20:37 AM:870
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m1432.ic-live.com
3/31/2009 11:20:38 AM:77
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.experts-exchange.com
3/31/2009 11:20:38 AM:91
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - secure.experts-exchange.com
3/31/2009 11:20:49 AM:781
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - r0001.7search.com
3/31/2009 11:20:51 AM:337
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.stopzilla.com
3/31/2009 11:20:59 AM:837
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - view.atdmt.com
3/31/2009 11:21:01 AM:875
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - jayasd.malremoval.hop.clickbank.net
3/31/2009 11:21:04 AM:327
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.dotomi.com
3/31/2009 11:22:26 AM:671
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\gaopdxaruxnlmtpvntveiopoeowvwnekcsxhni.dll
3/31/2009 11:22:26 AM:686
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\DRIVERS\gaopdxchdidvpupyhrxipvbiiftwpprysosuva.sys
3/31/2009 11:22:35 AM:89
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:22:35 AM:91
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:22:35 AM:93
Infection was detected on this computer
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:26:35 AM:495
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 155200
Threats Detected - 4
Infections Detected - 18
Infections Ignored - 0
3/31/2009 11:31:31 AM:793
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.stopzilla.com
3/31/2009 11:31:31 AM:928
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - secure.experts-exchange.com
3/31/2009 11:31:31 AM:948
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.experts-exchange.com
3/31/2009 11:31:32 AM:53
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m1432.ic-live.com
3/31/2009 11:31:32 AM:101
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pcstats.com
3/31/2009 11:31:32 AM:163
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.angelfire.com
3/31/2009 11:31:32 AM:177
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.ebates.com
3/31/2009 11:31:33 AM:592
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.dotomi.com
3/31/2009 11:31:33 AM:636
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - jayasd.malremoval.hop.clickbank.net
3/31/2009 11:31:33 AM:645
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - view.atdmt.com
3/31/2009 11:31:33 AM:717
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - x.azjmp.com
3/31/2009 11:31:33 AM:832
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.tracking101.com
3/31/2009 11:31:34 AM:934
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - r0001.7search.com
3/31/2009 11:31:43 AM:995
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:12
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:52
Infection quarantined
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:137
Infection quarantined
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\DRIVERS\gaopdxchdidvpupyhrxipvbiiftwpprysosuva.sys
3/31/2009 11:31:44 AM:199
Infection quarantined
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\gaopdxaruxnlmtpvntveiopoeowvwnekcsxhni.dll
3/31/2009 11:31:44 AM:652
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:654
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:655
Infection cleaned
Threat Name - Trojan.TDSServ
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\GAOPDXSERV.SYS
3/31/2009 11:31:44 AM:657
Infection cleaned
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\DRIVERS\gaopdxchdidvpupyhrxipvbiiftwpprysosuva.sys
3/31/2009 11:31:44 AM:660
Infection cleaned
Threat Name - Trojan.TDSServ
Type - File
Risk Level - High
Infection - C:\WINDOWS\SYSTEM32\gaopdxaruxnlmtpvntveiopoeowvwnekcsxhni.dll
3/31/2009 11:31:48 AM:351
Infections Quarantined/Removed Summary
Quarantined - 5
Quarantine Failed - 0
Removed - 18
Remove Failed - 0
3/31/2009 11:53:53 AM:600
Service Started
Spyware Doctor Service Application started
3/31/2009 11:53:53 AM:601
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 11:54:03 AM:972
Scan Started
Scan Type - Intelli-Scan
3/31/2009 11:54:03 AM:973
Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
3/31/2009 11:55:29 AM:47
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 0
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
3/31/2009 4:25:29 PM:148
Service Stopped
Spyware Doctor Service Application Stopped
3/31/2009 4:27:32 PM:207
Service Started
Spyware Doctor Service Application started
3/31/2009 4:27:32 PM:207
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 4:27:32 PM:307
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 4:27:33 PM:57
Immunizer Results
ActiveX section has been immunized. No items were processed.
3/31/2009 4:28:13 PM:327
Scan Started
Scan Type - Intelli-Scan
3/31/2009 4:28:13 PM:327
Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
3/31/2009 4:31:10 PM:643
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 4:31:11 PM:5
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 4:31:11 PM:13
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 4:31:11 PM:233
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 4:32:17 PM:335
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi kaspersky.122.2o7.net
3/31/2009 4:32:17 PM:942
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.ebates.com
3/31/2009 4:32:18 PM:649
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.angelfire.com
3/31/2009 4:32:21 PM:468
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pcstats.com
3/31/2009 4:32:26 PM:728
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.tracking101.com
3/31/2009 4:32:29 PM:465
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - x.azjmp.com
3/31/2009 4:32:34 PM:136
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m1432.ic-live.com
3/31/2009 4:32:34 PM:344
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.experts-exchange.com
3/31/2009 4:32:34 PM:359
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - secure.experts-exchange.com
3/31/2009 4:32:45 PM:658
Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - r0001.7search.com
3/31/2009 4:32:46 PM:461
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.stopzilla.com
3/31/2009 4:32:50 PM:689
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - view.atdmt.com
3/31/2009 4:32:53 PM:366
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - jayasd.malremoval.hop.clickbank.net
3/31/2009 4:32:55 PM:163
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.dotomi.com
3/31/2009 4:36:11 PM:564
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 155179
Threats Detected - 3
Infections Detected - 18
Infections Ignored - 0
3/31/2009 4:37:30 PM:149
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.stopzilla.com
3/31/2009 4:37:31 PM:431
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - secure.experts-exchange.com
3/31/2009 4:37:31 PM:996
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.experts-exchange.com
3/31/2009 4:37:32 PM:787
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - m1432.ic-live.com
3/31/2009 4:37:33 PM:752
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.pcstats.com
3/31/2009 4:37:34 PM:502
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.angelfire.com
3/31/2009 4:37:35 PM:391
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.ebates.com
3/31/2009 4:37:36 PM:415
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi kaspersky.122.2o7.net
3/31/2009 4:37:36 PM:417
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cdn.at.atwola.com/ cdn.at.atwola.com
3/31/2009 4:37:36 PM:417
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 4:37:36 PM:418
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - at.atwola.com/ at.atwola.com
3/31/2009 4:37:36 PM:420
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ar.atwola.com/ ar.atwola.com
3/31/2009 4:37:37 PM:993
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.dotomi.com
3/31/2009 4:37:39 PM:991
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - jayasd.malremoval.hop.clickbank.net
3/31/2009 4:37:41 PM:195
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - view.atdmt.com
3/31/2009 4:37:41 PM:568
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - x.azjmp.com
3/31/2009 4:37:42 PM:36
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - login.tracking101.com
3/31/2009 4:37:42 PM:645
Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Cookie
Risk Level - High
Infection - r0001.7search.com
3/31/2009 4:37:44 PM:928
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 18
Remove Failed - 0
3/31/2009 4:57:43 PM:187
Immunizer Results
ActiveX section has been immunized. No items were processed.
3/31/2009 6:00:14 PM:139
Scan Started
Scan Type - Intelli-Scan
3/31/2009 6:00:14 PM:164
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
3/31/2009 6:00:43 PM:178
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 6:04:12 PM:376
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 152287
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0
3/31/2009 6:05:28 PM:581
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com
3/31/2009 6:05:30 PM:723
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 1
Remove Failed - 0
3/31/2009 6:06:24 PM:117
Scan Started
Scan Type - Full Scan
3/31/2009 6:08:05 PM:172
Infection was detected on this computer
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Config.Msi\35fe3f.rbf
3/31/2009 6:37:03 PM:163
Infection was detected on this computer
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
3/31/2009 6:40:24 PM:798
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\ERDNT.e_e
3/31/2009 6:40:29 PM:776
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\swxcacls.cfexe
3/31/2009 7:07:10 PM:972
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\Windows\ERDNT\3-25-2009\ERDNT.EXE
3/31/2009 7:43:44 PM:275
Scan Finished
Scan Type - Full Scan
Items Processed - 331187
Threats Detected - 2
Infections Detected - 5
Infections Ignored - 0
3/31/2009 7:48:24 PM:356
Infection quarantined
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
3/31/2009 7:48:24 PM:520
Infection quarantined
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Config.Msi\35fe3f.rbf
3/31/2009 7:48:25 PM:6
Infection cleaned
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
3/31/2009 7:48:25 PM:48
Infection cleaned
Threat Name - Trojan.VB.BFP
Type - File
Risk Level - Elevated
Infection - C:\Config.Msi\35fe3f.rbf
3/31/2009 7:48:26 PM:224
Infection quarantined
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\Windows\ERDNT\3-25-2009\ERDNT.EXE
3/31/2009 7:48:26 PM:963
Infection quarantined
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\swxcacls.cfexe
3/31/2009 7:48:27 PM:257
Infection quarantined
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\ERDNT.e_e
3/31/2009 7:48:27 PM:603
Infection cleaned
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\Windows\ERDNT\3-25-2009\ERDNT.EXE
3/31/2009 7:48:27 PM:604
Infection cleaned
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\swxcacls.cfexe
3/31/2009 7:48:27 PM:605
Infection cleaned
Threat Name - Application.NirCmd
Type - File
Risk Level - Info & PUAs
Infection - C:\ProgramData\PC Tools\PC Tools AntiVirus\Temp\COMBOFIX.EXE341\32788R22FWJFW\ERDNT.e_e
3/31/2009 7:48:30 PM:437
Infections Quarantined/Removed Summary
Quarantined - 5
Quarantine Failed - 0
Removed - 5
Remove Failed - 0
3/31/2009 9:05:03 PM:588
Service Started
Spyware Doctor Service Application started
3/31/2009 9:05:03 PM:588
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/31/2009 9:05:03 PM:648
IntelliGuards status
All IntelliGuards were Enabled
3/31/2009 9:05:03 PM:968
Immunizer Results
ActiveX section has been immunized. No items were processed.
3/31/2009 9:05:35 PM:208
Scan Started
Scan Type - Intelli-Scan
3/31/2009 9:05:35 PM:208
Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
3/31/2009 9:09:07 PM:538
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi avgtechnologies.112.2o7.net
3/31/2009 9:12:42 PM:172
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 154864
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0
3/31/2009 9:25:24 PM:935
Immunizer Results
ActiveX section has been immunized. No items were processed.

Shaba
2009-04-01, 07:23
Please download GMER (http://gmer.net/gmer.zip) by GMER. An alternate download site (http://www2.gmer.net/).
Unzip it to a folder on your desktop.
Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver to load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
Click the Scan button. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

In the GMER window...
Click on the >>> tab at the top of the GMER window.
This displays the rest of the "selection" tabs for you.
Click on the Autostart tab.
Click on Scan button.
Once the scan has finished... click Copy.
Open Notepad (again) and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.

drenda
2009-04-01, 17:09
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-01 09:59:46
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0x8C3BD794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0x8C3BDF1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0x8C3BCD0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0x8C3BC384]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateUserProcess [0x8C3BE6B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 81CC7A00 8 Bytes [94, D7, 3B, 8C, 1E, DF, 3B, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CC7E18 4 Bytes [0A, CD, 3B, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CC7E78 4 Bytes JMP BD9002FE
.text ntkrnlpa.exe!KeSetTimerEx + 918 81CC7EDC 4 Bytes [B6, E6, 3B, 8C]
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[332] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[348] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[348] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[348] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[348] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[352] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[352] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[352] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[352] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[428] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[428] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[428] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[428] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[428] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[496] KERNEL32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\csrss.exe[496] KERNEL32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[496] KERNEL32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\csrss.exe[496] KERNEL32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[548] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\wininit.exe[548] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wininit.exe[548] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[548] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wininit.exe[548] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[560] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[592] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\services.exe[592] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\services.exe[592] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[592] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\services.exe[592] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[620] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\winlogon.exe[620] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\winlogon.exe[620] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[620] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\winlogon.exe[620] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[644] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsm.exe[644] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsm.exe[644] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[644] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\lsm.exe[644] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[776] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[776] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[776] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[776] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A

drenda
2009-04-01, 17:12
.text C:\Windows\system32\taskeng.exe[776] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[780] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[792] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[792] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[792] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[792] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Digital Line Detect\DLG.exe[800] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]

drenda
2009-04-01, 17:14
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2200] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[2220] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2228] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2252] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\aestsrv.exe[2292] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\aestsrv.exe[2292] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\aestsrv.exe[2292] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\aestsrv.exe[2292] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\aestsrv.exe[2292] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2324] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2336] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[2356] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2356] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2356] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CSHelper.exe[2376] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\CSHelper.exe[2376] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\CSHelper.exe[2376] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\CSHelper.exe[2376] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\CSHelper.exe[2376] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[2396] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2396] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2396] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2396] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A

drenda
2009-04-01, 17:16
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2492] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2544] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[2544] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2544] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2544] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2544] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2580] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2592] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\AIM6\aolsoftware.exe[2628] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2628] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2628] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2628] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2712] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[2716] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2744] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2756] kernel32.dll!CreateThread + 1A 76F146E2 4 Bytes CALL 0044A809 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2788] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehtray.exe[2788] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehtray.exe[2788] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2788] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehtray.exe[2788] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A

drenda
2009-04-01, 17:17
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2896] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2904] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2904] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2904] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2904] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2904] kernel32.dll!CreateThread + 1A 76F146E2 4 Bytes CALL 0044A81D C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\STacSV.exe[2920] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\STacSV.exe[2920] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\STacSV.exe[2920] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\STacSV.exe[2920] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\STacSV.exe[2920] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3020] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[3020] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[3020] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[3020] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[3020] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3052] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[3064] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\AIM6\aim6.exe[3064] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\AIM6\aim6.exe[3064] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\AIM6\aim6.exe[3064] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\AIM6\aim6.exe[3064] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3112] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3116] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[3124] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[3124] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\svchost.exe[3124] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[3156] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3188] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\SearchIndexer.exe[3188] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[3188] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\SearchIndexer.exe[3188] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3236] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[3376] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] KERNEL32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] KERNEL32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] KERNEL32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3400] KERNEL32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A

drenda
2009-04-01, 17:19
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3500] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3508] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3712] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\OEM02Mon.exe[3836] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\OEM02Mon.exe[3836] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\OEM02Mon.exe[3836] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\OEM02Mon.exe[3836] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\OEM02Mon.exe[3836] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3936] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[4544] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[4544] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\unsecapp.exe[4544] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\unsecapp.exe[4544] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4616] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Windows\helppane.exe[5100] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Windows\helppane.exe[5100] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Windows\helppane.exe[5100] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\helppane.exe[5100] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Windows\helppane.exe[5100] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5152] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] kernel32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] kernel32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] kernel32.dll!ExitProcess 76EF3B54 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] kernel32.dll!CreateMutexA 76EF41C6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] kernel32.dll!GetCommandLineA 76EF4DF8 6 Bytes JMP 5F200F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] USER32.dll!MessageBoxA 76D5D619 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5236] USER32.dll!MessageBoxW 76D5D667 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateProcess 776680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateProcess + 4 776680CC 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateProcessEx 776680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateProcessEx + 4 776680DC 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateSection 776680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateSection + 4 776680FC 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtTerminateProcess 77669128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtTerminateProcess + 4 7766912C 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtWriteVirtualMemory 776692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtWriteVirtualMemory + 4 776692AC 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateUserProcess 77669438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] ntdll.dll!NtCreateUserProcess + 4 7766943C 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] KERNEL32.dll!GetStartupInfoA 76ED19C9 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5432] KERNEL32.dll!LoadLibraryExW 76EF30C3 6 Bytes JMP 5F070F5A

drenda
2009-04-01, 17:20

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 393216/360448 bytes

---- EOF - GMER 1.0.15 ----

drenda
2009-04-01, 17:22
GMER 1.0.15.14966 - http://www.gmer.net
Autostart scan 2009-04-01 10:02:07
Windows 6.0.6001 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * lsdelete /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
Windows@AppInit_DLLs = C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AdobeActiveFileMonitor5.0@ = C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
AeLookupSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
AESTFilters@ = C:\Windows\system32\aestsrv.exe
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
AudioEndpointBuilder@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Audiosrv@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
BFE@ = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BITS@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
Browser@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BthServ@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
CSHelper@ = C:\Windows\system32\CSHelper.exe
DcomLaunch@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DPS@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
ehstart@ = %windir%\system32\svchost.exe -k LocalServiceNoNetwork
EMDMgmt@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Eventlog@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem@ = %SystemRoot%\system32\svchost.exe -k LocalService
FDResPub@ = %SystemRoot%\system32\svchost.exe -k LocalService
gpsvc@ = %systemroot%\system32\svchost.exe -k netsvcs
gupdate1c8c37a28b2c239@ = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
IKEEXT@ = %systemroot%\system32\svchost.exe -k netsvcs
iphlpsvc@ = %SystemRoot%\System32\svchost.exe -k NetSvcs
KtmRm@ = %SystemRoot%\System32\svchost.exe -k NetworkService
LanmanServer@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LanmanWorkstation@ = %SystemRoot%\System32\svchost.exe -k LocalService
Lavasoft Ad-Aware Service@ = "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
lmhosts@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
MMCSS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MpsSvc@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
netprofm@ = %SystemRoot%\System32\svchost.exe -k LocalService
NlaSvc@ = %SystemRoot%\System32\svchost.exe -k NetworkService
nsi@ = %systemroot%\system32\svchost.exe -k LocalService
PcaSvc@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
PCTAVSvc@ = C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PlugPlay@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
PolicyAgent@ = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
ProfSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
RapiMgr@ = %SystemRoot%\system32\svchost.exe -k WindowsMobile
RoxWatch9@ = "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
RpcSs@ = %SystemRoot%\system32\svchost.exe -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %systemroot%\system32\svchost.exe -k netsvcs
sdAuxService@ = C:\Program Files\Spyware Doctor\pctsAuxs.exe
sdCoreService@ = C:\Program Files\Spyware Doctor\pctsSvc.exe
seclogon@ = %windir%\system32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
slsvc@ = %SystemRoot%\system32\SLsvc.exe
Spooler@ = %SystemRoot%\System32\spoolsv.exe
sprtsvc_dellsupportcenter@ = C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter /*file not found*/
STacSV@ = C:\Windows\system32\STacSV.exe
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
SysMain@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
TabletInputService@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
TBS@ = %SystemRoot%\System32\svchost.exe -k LocalService
TermService@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
upnphost@ = %SystemRoot%\system32\svchost.exe -k LocalService
UxSms@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Viewpoint Manager Service@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
W32Time@ = %SystemRoot%\system32\svchost.exe -k LocalService
WcesComm@ = %SystemRoot%\system32\svchost.exe -k WindowsMobile
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
WerSvc@ = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
WinDefend@ = %SystemRoot%\System32\svchost.exe -k secsvcs
Winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
Wlansvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
WMPNetworkSvc@ = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
WPDBusEnum@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
wscsvc@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
wudfsvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@ECenterC:\Dell\E-Center\EULALauncher.exe = C:\Dell\E-Center\EULALauncher.exe
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@OEM02Mon.exeC:\Windows\OEM02Mon.exe = C:\Windows\OEM02Mon.exe
@Windows Mobile Device Center%windir%\WindowsMobile\wmdc.exe = %windir%\WindowsMobile\wmdc.exe
@StartCCCC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
@DELL Webcam Manager"C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s = "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@PCMService"C:\Program Files\Dell\MediaDirect\PCMService.exe" = "C:\Program Files\Dell\MediaDirect\PCMService.exe"
@dscactivate"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
@Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@Adobe Photo Downloader"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" = "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
@DellSupportCenter"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
@SigmatelSysTrayApp%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe /*file not found*/ = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@BlackBerryAutoUpdateC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background /*file not found*/ = C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background /*file not found*/
@Ad-WatchC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
@Malwarebytes Anti-Malware (reboot)"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
@ISTray"C:\Program Files\Spyware Doctor\pctsTray.exe" = "C:\Program Files\Spyware Doctor\pctsTray.exe"
@PCTAVApp"C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN = "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Aim6"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
@DellSupportCenter"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@DW6C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe = C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@googletalkC:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart /*file not found*/ = C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart /*file not found*/
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck = C:\Windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\Windows\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/%CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/ = %CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{E7DE9B1A-7533-4556-9484-B26FB486475E} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\system32\mmcshext.dll = %SystemRoot%\system32\mmcshext.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} /*MSHTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{25336920-03f9-11cf-8fd0-00aa00686f13} /*HTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Mail Service*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Desktop Shortcut*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/%systemroot%\system32\printui.dll = %systemroot%\system32\printui.dll
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /*Windows Update*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{7b81be6a-ce2b-4676-a29e-eb907a5126c5} /*Programs and Features*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{15eae92e-f17a-4431-9f28-805e482dafd4} /*Install New Programs*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd} /*Installed Updates*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{ceefea1b-3e29-4ef1-b34c-fec79c4f70af} /*New Shortcut Wizard*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0BFCF7B7-E7B6-433a-B205-2904FCF040DD} /*New Shortcut Wizard Modal*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyFolder Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{44f3dab6-4392-4186-bb7b-6282ccb7a9f6} /*MyDocuments menu and properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0} /*Start Menu OEM Command*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90D-D7AD-11D9-BD98-0000947B0257} /*Show Desktop*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90E-D7AD-11D9-BD98-0000947B0257} /*Window Switcher*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{eb124705-128b-40d4-8dd8-d93ed12589a4} /*WPL property store*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3c2654c6-7372-4f6b-b310-55d6128f49d2} /*Alphabetical Categorizer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{708e1662-b832-42a8-bbe1-0a77121e3908} /*Tree property value folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{71f96385-ddd6-48d3-a0c1-ae06e8b055fb} /*Explorer Browser*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{b2952b16-0e07-4e5a-b993-58c52cb94cae} /*Search Folders*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{437ff9c0-a07f-4fa0-af80-84b6c6440a16} /*Command Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{90f8c90b-04e0-4e92-a186-e6e9c125d664} /*Property Labels*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{b155bdf8-02f0-451e-9a26-ae317cfd7779} /*nethood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{DFFACDC5-679F-4156-8947-C5C76BC0B67F} /*users files delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ed50fc29-b964-48a9-afb3-15ebb9b97f36} /*printhood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{328B0346-7EAF-4BBE-A479-7CB88A095F5B} /*Layout Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{4336a54d-038b-4685-ab02-99bb52d3fb8b} /*Public Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{00021401-0000-0000-C000-000000000046} /*Shortcut*/shell32.dll = shell32.dll
@{C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9} /*Search Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0AFCCBA6-BF90-4A4E-8482-0AC960981F5B} /*.fon, .otf, .ttc or .ttf files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{66742402-F9B9-11D1-A202-0000F81FEDEE} /*.cpl, .dll, .exe, .ocx, .rll or .sys files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{D34A6CA6-62C2-4C34-8A7C-14709C1AD938} /*Common Places Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{865e5e76-ad83-4dca-a109-50dc2113ce9a} /*Programs Folder and Fast Items*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{21ec2020-3aea-1069-a2dd-08002b30309d} /*Control Panel*/shell32.dll = shell32.dll
@{25585dc7-4da0-438d-ad04-e42c8d2d64b9} /*Client application shell extension*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3} /*Microsoft Windows RTF Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{1531d583-8375-4d3f-b5fb-d23bbd169f22} /*Window TXT Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\Windows\system32\occache.dll = C:\Windows\system32\occache.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{056440FD-8568-48e7-A632-72157243B55B} /*Explorer Navigation Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980} /*Explorer Travel Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F} /*Explorer Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{a542e116-8088-4146-a352-b0d06e7f6af6} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{596742A5-1393-4e13-8765-AE1DF71ACAFB} /*Microsoft Breadcrumb Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} /*Search Control*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{4d5c8c2a-d075-11d0-b416-00c04fb90376} /*Microsoft CommBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/%ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/ = %ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/%SystemRoot%\system32\remotepg.dll = %SystemRoot%\system32\remotepg.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{D555645E-D4F8-4c29-A827-D93C859C4F2A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\Windows\system32\wshext.dll = C:\Windows\system32\wshext.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{8E908FC9-BECC-40f6-915B-F4CA0E70D03D} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/%SystemRoot%\MSAgent\agentpsh.dll = %SystemRoot%\MSAgent\agentpsh.dll
@{025A5937-A6BE-4686-A844-36FE4BEC8B6D} /*Microsoft Power Options*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{BB06C0E4-D293-4f75-8A90-CB05B6477EEE} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ED834ED6-4B5A-4bfe-8F11-A626DCB6A921} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{17cd9488-1228-4b2f-88ce-4298e93e0966} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60632754-c523-4b62-b45c-4172da012619} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C60DE1E-E5FC-40f4-A487-460851A8D915} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Microsoft Windows Font Folder*/%SystemRoot%\system32\fontext.dll = %SystemRoot%\system32\fontext.dll
@{2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E} /*Microsoft Windows Font File Icon Handler*/fontext.dll = fontext.dll
@{1a184871-359e-4f67-aad9-5b9905d62232} /*Microsoft Windows Font File Context Menu Handler*/fontext.dll = fontext.dll
@{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01} /*Microsoft Windows Font Previewer*/fontext.dll = fontext.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/%SystemRoot%\system32\msieftp.dll = %SystemRoot%\system32\msieftp.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} /*Compressed (zipped) Folder Context Menu*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{ed9d80b9-d157-457b-9192-0e7280313bf0} /*Compressed (zipped) Folder Drop Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell.DfsShell Property Sheet*/DfsShlEx.dll = DfsShlEx.dll
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E95A4861-D57A-4be1-AD0F-35267E261739} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*DropTarget Object for Photo Printing Wizard*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{335a31dd-f04b-4d76-a925-d6b47cf360df} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{7D4734E6-047E-41e2-AEAA-E763B4739DC4} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{96AE8D84-A250-4520-95A5-A47A7E3C548B} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{58E3C745-D971-4081-9034-86E34B30836A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{78F3955E-3B90-4184-BD14-5397C15F1EFC} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{8A734961-C4AA-4741-AC1E-791ACEBF5B39} /*Windows Media Player Shop Music Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
PCTAVShellExtension@{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54} = C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\shell32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
PCTAVShellExtension@{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54} = C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll = C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
@{CA6319C0-31B7-401E-A518-A07C3DB8F777}C:\Program Files\Dell\BAE\BAE.dll = C:\Program Files\Dell\BAE\BAE.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\PhotoScreensaver.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
deflate@CLSID = C:\Windows\system32\urlmon.dll
gzip@CLSID = C:\Windows\system32\urlmon.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\Windows\system32\mshtml.dll
cdl@CLSID = C:\Windows\system32\urlmon.dll
dvd@CLSID = C:\Windows\System32\msvidctl.dll
file@CLSID = C:\Windows\system32\urlmon.dll
ftp@CLSID = C:\Windows\system32\urlmon.dll
http@CLSID = C:\Windows\system32\urlmon.dll
https@CLSID = C:\Windows\system32\urlmon.dll
its@CLSID = %SystemRoot%\System32\itss.dll
javascript@CLSID = C:\Windows\system32\mshtml.dll
local@CLSID = C:\Windows\system32\urlmon.dll
mailto@CLSID = C:\Windows\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\Windows\system32\urlmon.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
res@CLSID = C:\Windows\system32\mshtml.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
vbscript@CLSID = C:\Windows\system32\mshtml.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000005@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000006@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000007@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
000000000002@PackedCatalogItem = C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
000000000003@PackedCatalogItem = C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028@PackedCatalogItem = C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
Desktop Manager.lnk = Desktop Manager.lnk
Digital Line Detect.lnk = Digital Line Detect.lnk
Kodak EasyShare software.lnk = Kodak EasyShare software.lnk
QuickSet.lnk = QuickSet.lnk

---- EOF - GMER 1.0.15 ----


Thanks for your help!

Shaba
2009-04-01, 17:29
Looks like mbam and spyware doctor did well.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

drenda
2009-04-01, 18:05
*phew* good to know. I have a friend with the same issues except she can't even update in safe mode. I will have to direct her here also. Only other issue I seem to have is my internet connection seems pretty slow now.

This is the only log that was produced. I notice that there are a few programs listed that I tried to install but never ran, so I guess I need to delete those.

Logfile of random's system information tool 1.06 (written by random/random)
Run by drenda at 2009-04-01 11:01:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 193 GB (86%) free of 226 GB
Total RAM: 1917 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:44 AM, on 4/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\drenda\Downloads\RSIT.exe
C:\Users\drenda\Downloads\drenda.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c37a28b2c239) (gupdate1c8c37a28b2c239) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13669 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\EasyShare Registration Task.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-12 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-12 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-12 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-29 36864]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-08 29744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-07 405504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-09-19 615696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-06 515416]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 1277584]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-03-31 1168264]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-02-19 1374096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-03-17 801904]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-02 68856]
"googletalk"=C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-01 10:53:47 ----D---- C:\rsit
2009-04-01 00:22:08 ----D---- C:\Program Files\Common Files\PC Tools
2009-04-01 00:21:56 ----D---- C:\ProgramData\PC Tools
2009-03-31 09:44:26 ----D---- C:\Program Files\Spyware Doctor
2009-03-31 09:10:17 ----A---- C:\Program Files\grlmjw.txt
2009-03-30 15:21:59 ----D---- C:\Users\drenda\AppData\Roaming\SUPERAntiSpyware.com
2009-03-30 14:22:09 ----SHD---- C:\Config.Msi
2009-03-30 14:22:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 14:12:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 11:53:49 ----D---- C:\Users\drenda\AppData\Roaming\PC Tools
2009-03-30 10:03:19 ----D---- C:\Users\drenda\AppData\Roaming\Malwarebytes
2009-03-29 09:38:47 ----D---- C:\Users\drenda\AppData\Roaming\HouseCall 6.6
2009-03-25 22:38:05 ----D---- C:\Windows\ERDNT
2009-03-25 16:22:03 ----A---- C:\Users\drenda\AppData\Roaming\SetValue.bat
2009-03-25 16:22:03 ----A---- C:\Users\drenda\AppData\Roaming\GetValue.vbs
2009-03-25 16:22:02 ----A---- C:\Windows\system32\tmp.txt
2009-03-25 16:21:36 ----A---- C:\rapport.txt
2009-03-25 16:21:16 ----A---- C:\Windows\system32\WS2Fix.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\VCCLSID.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\swxcacls.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\swsc.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\swreg.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\SrchSTS.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\Process.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\IEDFix.exe
2009-03-25 16:21:16 ----A---- C:\Windows\system32\dumphive.exe
2009-03-25 15:50:28 ----D---- C:\Windows\system32\SmitfraudFix
2009-03-25 13:40:02 ----A---- C:\Windows\ntbtlog.txt
2009-03-25 13:19:24 ----D---- C:\ProgramData\Malwarebytes
2009-03-25 13:19:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-23 23:31:33 ----D---- C:\Users\drenda\AppData\Roaming\IObit
2009-03-23 23:31:32 ----D---- C:\Program Files\IObit
2009-03-22 22:33:16 ----D---- C:\RECYCLER
2009-03-10 22:33:55 ----A---- C:\Windows\system32\wmp.dll
2009-03-10 22:33:54 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-10 22:33:54 ----A---- C:\Windows\system32\spwmp.dll
2009-03-10 22:33:54 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-10 22:32:58 ----A---- C:\Windows\system32\schannel.dll
2009-03-06 22:53:30 ----A---- C:\Windows\system32\lsdelete.exe

======List of files/folders modified in the last 1 months======

2009-04-01 11:01:35 ----D---- C:\Windows\Prefetch
2009-04-01 11:01:32 ----D---- C:\Windows\Temp
2009-04-01 10:32:22 ----D---- C:\Windows\Tasks
2009-04-01 10:32:14 ----D---- C:\ProgramData\Google Updater
2009-04-01 10:28:35 ----AD---- C:\ProgramData\TEMP
2009-04-01 09:17:16 ----D---- C:\Program Files\PC Tools AntiVirus
2009-04-01 00:22:17 ----D---- C:\Windows\system32\drivers
2009-04-01 00:22:08 ----D---- C:\Program Files\Common Files
2009-04-01 00:21:56 ----HD---- C:\ProgramData
2009-04-01 00:19:26 ----D---- C:\Windows\System32
2009-04-01 00:19:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-01 00:19:25 ----D---- C:\Windows\inf
2009-04-01 00:18:30 ----D---- C:\Program Files\Mozilla Firefox
2009-03-31 22:22:56 ----SHD---- C:\Windows\Installer
2009-03-31 22:22:12 ----D---- C:\Program Files\Google
2009-03-31 22:21:04 ----SHD---- C:\System Volume Information
2009-03-31 13:27:58 ----SD---- C:\ProgramData\Microsoft
2009-03-31 11:13:57 ----RD---- C:\Program Files
2009-03-30 16:12:56 ----D---- C:\Windows\Minidump
2009-03-30 16:12:50 ----D---- C:\Windows
2009-03-30 13:59:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-30 13:48:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-03-30 13:07:36 ----D---- C:\Windows\system32\Tasks
2009-03-25 16:29:05 ----D---- C:\Windows\system32\catroot2
2009-03-12 19:10:40 ----D---- C:\ProgramData\Google
2009-03-11 03:22:03 ----D---- C:\Windows\winsxs
2009-03-11 03:11:45 ----D---- C:\Windows\system32\catroot
2009-03-11 03:08:07 ----D---- C:\Program Files\Windows Media Player
2009-03-11 03:08:07 ----D---- C:\Program Files\Windows Mail
2009-03-06 20:00:23 ----DC---- C:\Windows\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-03-31 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-03-31 81288]
R2 AVFilter;AVFilter; C:\Windows\system32\drivers\AVFilter.sys [2009-02-10 21904]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 2593280]
R3 AVHook;AVHook; C:\Windows\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\Windows\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-09 1044472]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-07 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 inyafakj;inyafakj; \??\C:\Users\drenda\AppData\Local\Temp\inyafakj.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 2593280]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-14 593920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CSHelper;CopySafe Helper Service; C:\Windows\system32\CSHelper.exe [2009-02-18 266240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-03-31 1079176]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-07 102400]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 gupdate1c8c37a28b2c239;Google Update Service (gupdate1c8c37a28b2c239); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-03-13 826600]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-08 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

Shaba
2009-04-01, 18:09
Please check if there is an info.txt in the c:\rsit folder :)

drenda
2009-04-01, 18:13
Found it.

info.txt logfile of random's system information tool 1.06 2009-04-01 10:54:11

======Uninstall list======

-->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArtistScope Plugin FX 42-->"C:\Windows\ArtistScope Plugin FX 42\uninstall.exe" "/U:C:\Program Files\Mozilla Firefox\plugins\Uninstall\uninstall.xml"
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
ATI PCI Express (3GIO) Filter Driver-->C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\Setup.exe -runfromtemp -l0x0009 -removeonly
Autostar Suite Astronomers Edition-->C:\PROGRA~1\Meade\ASTROW~1\UNWISE.EXE C:\PROGRA~1\Meade\ASTROW~1\INSTALL.LOG
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{9833D727-8FF5-40AE-A193-525747555FF1}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{9833D727-8FF5-40AE-A193-525747555FF1}
BlackBerry Device Software Updater-->MsiExec.exe /X{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Catalyst Control Center - Branding-->MsiExec.exe /I{EFBE2318-89B7-4A5F-8912-23DB04761C31}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth Plugin-->MsiExec.exe /I{9491C880-1C35-11DE-97B2-005056806466}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDView for Firefox-->MsiExec.exe /I{E6445FCC-EAF6-4E35-9E72-6EF105A4C177}
Hello (remove only)-->"C:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2-->"C:\Users\drenda\Downloads\HijackThis.exe" /uninstall
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_3c0002_d07fb\Setup.exe /APR-REMOVE
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
MyPublisher-->C:\Program Files\MyPublisher\MyPublisher\MyPublisher.exe -uninstall
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Noiseware Community Edition-->MsiExec.exe /I{CB3B7C24-30A1-4961-8039-94919F5ED2EE}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x9
PC Tools AntiVirus 6.0-->"C:\Program Files\PC Tools AntiVirus\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet-->MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: drenda-laptop
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 16 seconds since the last report.
Record Number: 133300
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090401141658.930352-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: drenda-laptop
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 15 seconds since the last report.
Record Number: 133301
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090401141658.972352-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: drenda-laptop
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.
Record Number: 133302
Source Name: disk
Time Written: 20090401142113.946352-000
Event Type: Error
User:

Computer Name: drenda-laptop
Event Code: 7034
Message: The PC Tools AntiVirus Engine service terminated unexpectedly. It has done this 1 time(s).
Record Number: 133303
Source Name: Service Control Manager
Time Written: 20090401142123.000000-000
Event Type: Error
User:

Computer Name: drenda-laptop
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {97157172-3753-4D80-ADC8-249BF6A2871F}
User: DRENDA-LAPTOP\drenda
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:inyafakj
Alert Type: Unclassified software
Detection Type:
Record Number: 133304
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090401142216.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: drenda-laptop
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 c

Shaba
2009-04-01, 18:38
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator" to perform this scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

drenda
2009-04-01, 21:40
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, April 1, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, April 01, 2009 18:41:40
Records in database: 1993382
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 137311
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:16:37

No malware has been detected. The scan area is clean.

The selected area was scanned.
------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:55 PM, on 4/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\drenda\Downloads\avg_free_stf_en_85_285a1462.exe
C:\Users\drenda\AppData\Local\Temp\7zSCFD8.tmp\avgsetup.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\drenda\AppData\Local\Temp\jkos-drenda\binaries\ScanningProcess.exe
C:\Users\drenda\AppData\Local\Temp\jkos-drenda\binaries\ScanningProcess.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\drenda\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\drenda\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c37a28b2c239) (gupdate1c8c37a28b2c239) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13978 bytes

Shaba
2009-04-02, 06:16
That looks good :)

Still problems?

drenda
2009-04-02, 06:25
No, no problems. Would you suggest turning off, and back on, system restore to create a clean restore point?

Shaba
2009-04-02, 07:21
That is one step, yes.

For more, see below:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab.
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:

drenda
2009-04-03, 04:33
Thanks for your help! I'll do as you suggested.

Shaba
2009-04-05, 11:03
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.