Help! Having major computer issues - shows up mostly when I'm



#1
coyotehunnie

I have issues opening in safe mode, so the fixes I was going to try and make wouldn't work. I went through your steps. To note, recently I was using Limewire and downloading movies. So that may be the cause of this, I bet, as I rarely use Limewire. And I usually don't update it; this time I downloaded the more recent version. Typically I use it for music.

After running all the tests, the computer seems to be working better now. Has been since I ran the first one. MBAM? One thing I also want to note is that Google Chrome won't work on my computer. I've tried all of their listed fixes and I'm wondering if it's because of a virus/malware that it's recognizing that IE and Firefox aren't picking up. Anyways, here's the report.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/8/2010 11:37:22 PM
mbam-log-2010-07-08 (23-37-22).txt

Scan type: Quick scan
Objects scanned: 147513
Time elapsed: 15 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here's the Rootkit log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-09 07:19:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\kxldykog.sys


---- System - GMER 1.0.15 ----

SSDT 88BF5109 ZwCreateThread

.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP BE000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C1000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP BB000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C7000025
.text C:\WINDOWS\system32\hkcmd.exe[940] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 37000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 3D000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 87000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!send 71AB4C27 8 Bytes JMP 84000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B5000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 3A000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!recv 71AB676F 8 Bytes JMP B8000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 81000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 96000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP AB000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AE000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 9C000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 99000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 8A000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 93000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B1000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A5000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 8D000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A2000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9F000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A8000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 90000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP CB000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C5000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C8000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP C2000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP CE000025
.text C:\WINDOWS\system32\igfxpers.exe[948] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 67006E00
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 44000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 8E000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!send 71AB4C27 8 Bytes JMP 8B000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP BC000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 41000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!recv 71AB676F 8 Bytes JMP BF000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 88000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 9D000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP B2000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP B5000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP A3000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP A0000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 91000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 9A000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B8000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP AC000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 94000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A9000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP A6000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP AF000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 97000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C6000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C0000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C3000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP BD000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C9000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F5000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 81000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 8A000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!send 71AB4C27 8 Bytes JMP 87000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B7000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F8000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!recv 71AB676F 8 Bytes JMP BA000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 84000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 99000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP AE000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP B1000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 9F000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 9C000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 8D000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 96000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B4000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A8000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 90000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A5000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP A2000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP AB000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 93000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D8000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP D2000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP D5000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP CF000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP DB000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 8D000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 93000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 9C000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!send 71AB4C27 8 Bytes JMP 99000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP C9000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 90000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!recv 71AB676F 8 Bytes JMP CC000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 96000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP AB000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP C0000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP C3000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP B1000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP AE000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 9F000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP A8000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP C6000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP BA000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP A2000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP B7000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP B4000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP BD000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP A5000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 45000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 42000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 3C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 48000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP B9000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP BF000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 09000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!send 71AB4C27 8 Bytes JMP 06000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 36000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP BC000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!recv 71AB676F 8 Bytes JMP 39000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 03000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 18000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 2D000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 30000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 1E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 1B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 0C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 15000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 33000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 27000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 0F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 24000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 21000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 2A000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 12000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AE000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP A8000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP AB000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP A5000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP B1000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 63000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 69000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 72000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!send 71AB4C27 8 Bytes JMP 6F000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 9F000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 66000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!recv 71AB676F 8 Bytes JMP A2000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 6C000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 81000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 96000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 99000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 87000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 84000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 75000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 7E000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 9C000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 90000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 78000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 8D000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 8A000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 93000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 7B000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP DB000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP D5000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP D8000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP D2000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP DE000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 90000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 96000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 9F000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!send 71AB4C27 8 Bytes JMP 9C000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP CC000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 93000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!recv 71AB676F 8 Bytes JMP CF000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 99000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP AE000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP C3000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP C6000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP B4000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP B1000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP A2000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP AB000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP C9000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP BD000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP A5000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP BA000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP B7000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP C0000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP A8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP E4000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP DE000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP E1000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP DB000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP E7000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 99000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 9F000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP A8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!send 71AB4C27 8 Bytes JMP A5000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP D5000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 9C000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!recv 71AB676F 8 Bytes JMP D8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP A2000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP B7000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP CC000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP CF000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP BD000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP BA000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP AB000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP B4000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP D2000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP C6000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP AE000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP C3000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP C0000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP C9000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP B1000025
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 7E000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 78000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 7B000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 75000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 81000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 33000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 39000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 42000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!send 71AB4C27 8 Bytes JMP 3F000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 6F000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 36000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!recv 71AB676F 8 Bytes JMP 72000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 3C000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetCloseHandle 3D944261 6 Bytes JMP 51000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetCloseHandle + 7 3D944268 1 Byte [01]
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 66000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 69000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 57000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 54000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 45000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 4E000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 6C000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 60000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 48000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 5D000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 5A000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 63000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 4B000025
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP BF000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B9000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BC000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B6000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C2000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 74000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 7A000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 83000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!send 71AB4C27 8 Bytes JMP 80000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B0000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 0C75FFD0
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!recv 71AB676F 8 Bytes JMP B3000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP F1FFEEEE
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 92000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A7000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AA000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 98000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 95000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 86000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 8F000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP AD000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A1000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 89000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 9E000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9B000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A4000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 8C000025
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 63000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 5D000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 60000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 5A000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 66000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 18000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 1E000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 27000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!send 71AB4C27 8 Bytes JMP 24000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 54000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 1B000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!recv 71AB676F 8 Bytes JMP 57000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 21000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 36000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 4B000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 4E000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 3C000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 39000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 2A000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 33000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 51000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 45000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 2D000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 42000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 3F000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 48000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 30000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 0E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 23000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 26000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 14000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 11000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestA 3D953558 8 Bytes [55, 90, FF, 25, 00, 00, 02, ...] {PUSH EBP; NOP ; JMP [0xa020000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 0B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 29000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 1D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes [55, 90, FF, 25, 00, 00, 05, ...] {PUSH EBP; NOP ; JMP [0xa050000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 1A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 17000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 20000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes [55, 90, FF, 25, 00, 00, 08, ...] {PUSH EBP; NOP ; JMP [0xa080000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 3B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 35000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 38000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 32000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 67006E00 C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F0000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP F6000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP FF000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!send 71AB4C27 8 Bytes JMP FC000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 2C000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F3000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!recv 71AB676F 8 Bytes JMP 2F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP F9000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 4D000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 47000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 4A000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 44000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 50000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 02000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 08000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 11000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!send 71AB4C27 8 Bytes JMP 0E000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 67006E00
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 05000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!recv 71AB676F 8 Bytes JMP 41000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 0B000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 20000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 35000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 38000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 26000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 23000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 14000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 1D000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 3B000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 2F000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 17000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 2C000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 29000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 32000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 1A000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C0000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP BA000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BD000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B7000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C3000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 75000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 7B000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 84000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!send 71AB4C27 8 Bytes JMP 81000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B1000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 78000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!recv 71AB676F 8 Bytes JMP B4000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 7E000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 93000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A8000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AB000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 99000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 96000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 87000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 90000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP AE000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A2000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 8A000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 9F000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9C000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A5000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 8D000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetMessageW 7E4191C6 8 Bytes [55, 90, FF, 25, 00, 00, 6C, ...] {PUSH EBP; NOP ; JMP [0x26c0000]}
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 66000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 69000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 63000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 6F000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 20000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 26000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 2F000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!send 71AB4C27 8 Bytes JMP 2C000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 5C000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 23000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!recv 71AB676F 8 Bytes JMP 60000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 29000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 67006E00
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 53000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 56000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 44000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 41000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 32000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 3B000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 59000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 4D000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 35000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 4A000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 47000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 50000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 38000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 59000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 53000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 56000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 50000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 5C000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 0E000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 14000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 1D000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!send 71AB4C27 8 Bytes JMP 1A000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 4A000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!gethostbyname 71AB5355 8 Bytes [55, 90, FF, 25, 00, 00, 11, ...] {PUSH EBP; NOP ; JMP [0x5110000]}
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!recv 71AB676F 8 Bytes JMP 4D000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 17000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 2C000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 41000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 44000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 32000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 2F000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP C4815B5E
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 29000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 47000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 3B000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 23000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 38000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 35000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 67006E00
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 26000025
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 63000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 69000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 72000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!send 71AB4C27 8 Bytes JMP 6F000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 7C000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 66000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!recv 71AB676F 8 Bytes JMP 7F000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 6C000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 8E000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 88000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 8B000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 85000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 91000025
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP BA000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B4000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP B7000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B1000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP BD000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 6E000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 74000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP F1FFEEEE
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!send 71AB4C27 8 Bytes JMP 7A000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP AA000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 71000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!recv 71AB676F 8 Bytes JMP AE000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 77000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 8C000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A1000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP A4000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 92000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 8F000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 80000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 89000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP A7000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 9B000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 83000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 98000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 95000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 9E000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 86000025
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 88F26FC5

AttachedDevice \FileSystem\Ntfs \Ntfs CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:572] 88F267CA
Thread System [4:596] 88F2657C
Thread System [4:600] 88F2757D

---- EOF - GMER 1.0.15 ----



And the OTL info:

OTL logfile created on: 7/9/2010 7:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Jocelyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.14 Gb Total Space | 3.62 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 1.52 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOCELYNSLAPTOP
Current User Name: Jocelyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe
PRC - [2009/03/23 10:47:10 | 003,458,376 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7613\Webshots.scr
PRC - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/12 13:32:14 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/11 19:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2004/08/06 03:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 03:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 10:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/12 13:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.0\AGCoreService.exe -- (AGCoreService)
SRV - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/07/05 15:56:00 | 000,237,568 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)
SRV - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 15:15:53 | 000,295,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AAAAAAA.sys -- (AAAAAAA)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/05 16:50:20 | 000,161,352 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)
DRV - [2007/07/05 15:45:36 | 000,020,424 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/24 15:40:18 | 000,022,968 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)
DRV - [2007/03/22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/17 00:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/22 20:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 23:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 21:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/08/22 12:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 12:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 12:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/18 20:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2004/10/15 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2004/09/22 20:00:00 | 000,108,256 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 21:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 21:19:04 | 000,000,000 | ---D | M]

[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions
[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions\[email protected]
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions
[2009/04/27 12:27:03 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/08/23 10:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/03 00:10:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/21 19:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 19:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 19:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/06/21 19:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/07/05 16:36:14 | 000,015,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nprade.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/21 19:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/07/08 21:47:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/08 23:31:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Malwarebytes
[2010/07/08 23:21:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 23:21:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 23:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 23:20:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 23:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/08 23:19:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:07:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 22:47:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jocelyn\Recent
[2010/07/08 22:44:34 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 21:37:36 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/07/08 21:37:36 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/07/08 21:37:36 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/07/08 21:37:36 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/07/08 21:37:35 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/07/08 21:37:35 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/07/08 21:37:35 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/07/08 21:37:35 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/07/08 21:37:35 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/07/08 21:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\SmitfraudFix
[2010/07/08 21:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/08 21:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\afreeCodecVT
[2010/07/08 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2010/07/08 21:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/07/08 21:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TiVo Shared
[2010/07/08 21:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/07/08 21:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2010/07/07 20:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\My Documents\Downloads
[2010/07/07 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\afreeCodecVT
[2010/07/07 08:36:26 | 002,833,691 | ---- | C] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/05/08 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\102ND200
[2010/05/07 09:44:54 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/18 22:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/04/18 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

========== Files - Modified Within 90 Days ==========

[2010/07/09 07:06:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 06:47:14 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:47:05 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:43:33 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:40:28 | 000,001,591 | ---- | M] () -- C:\hpqp.ini
[2010/07/08 23:40:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 23:39:39 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/08 23:38:59 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/07/08 23:38:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/08 23:38:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/08 23:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 23:38:43 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:23:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:20:54 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:19:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 23:19:07 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:06:37 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:56:36 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:45:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\CCleaner.lnk
[2010/07/08 22:44:37 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 22:40:03 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/07/08 22:23:48 | 004,583,424 | ---- | M] () -- C:\Documents and Settings\Jocelyn\NTUSER.DAT
[2010/07/08 22:23:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jocelyn\ntuser.ini
[2010/07/08 21:47:20 | 000,006,012 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 21:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 00:44:44 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:35 | 002,915,212 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/07 18:39:02 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 08:36:32 | 002,833,691 | ---- | M] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/07/04 03:05:57 | 000,254,384 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/07/04 02:49:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk
[2010/06/23 20:39:48 | 000,519,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:39:48 | 000,454,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:39:48 | 000,075,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 22:23:56 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 21:08:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/29 10:34:46 | 002,323,239 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:15:26 | 000,014,923 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:54 | 000,048,924 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:23 | 000,067,825 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/23 20:36:12 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/22 11:33:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ChaLEAN Extreme.xls
[2010/05/16 19:10:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 21:03:20 | 000,053,379 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:55:57 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/05/07 09:45:07 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/30 21:26:26 | 000,104,887 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 11:30:41 | 000,436,736 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:35:44 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:59 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:27:00 | 058,723,112 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/04/14 19:14:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/07/08 23:43:33 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:42:19 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:42:19 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:23:55 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:19:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 22:53:36 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:33 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:31:32 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 21:38:05 | 000,006,012 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:37:35 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/07/08 21:37:35 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/07/08 21:37:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/07/08 00:44:44 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:11 | 002,915,212 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/04 03:06:02 | 000,254,384 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/05/29 10:34:46 | 002,323,239 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:53 | 000,048,924 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:22 | 000,067,825 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/25 22:10:03 | 000,014,923 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/16 19:10:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 13:34:06 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/13 21:03:20 | 000,053,379 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:50:20 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/04/30 21:26:26 | 000,104,887 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/24 11:30:41 | 000,436,736 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:27:59 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:24:01 | 058,723,112 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/03/11 08:55:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/30 23:09:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/08/24 12:06:30 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/09/14 15:29:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/08 14:41:06 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/08 14:36:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/08 14:22:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 14:17:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/12 13:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/10 17:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 17:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/11/19 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/11/07 13:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2006/09/16 15:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/18 22:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/08 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/08 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/21 15:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/15 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/21 19:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/14 15:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\acccore
[2009/11/09 00:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\AGI
[2006/09/14 16:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Aim
[2008/07/21 12:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\ICAClient
[2010/07/08 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2006/09/14 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Webshots

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/15 01:02:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/07/26 17:33:04 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/07/08 23:38:43 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 23:40:28 | 000,001,591 | ---- | M] () -- C:\hpqp.ini
[2006/09/14 10:18:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/19 21:50:18 | 000,001,629 | -H-- | M] () -- C:\IPH.PH
[2006/09/14 10:18:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/07/13 17:33:32 | 000,001,111 | ---- | M] () -- C:\net_save.dna
[2004/08/04 17:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/08/30 14:27:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/01 20:56:37 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/06/01 20:56:37 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/07/08 23:38:35 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/07/08 21:51:35 | 000,002,133 | ---- | M] () -- C:\rapport.txt
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/07/08 23:38:59 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2007/08/11 20:19:22 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/09/24 11:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2006/12/19 14:04:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/10 09:27:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/10 09:27:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 00:41:03

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

And the extras

OTL Extras logfile created on: 7/9/2010 7:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Jocelyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.14 Gb Total Space | 3.62 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 1.52 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOCELYNSLAPTOP
Current User Name: Jocelyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune -- (Sony Pictures Digital Networks Inc.)
"E:\install.exe" = E:\install.exe:*:Enabled:install -- File not found
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service -- (Network Associates, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 B1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5A5F02DA-D200-4E6E-B469-45866D5CB207}" = Citrix Streaming Client 1.1 for Windows
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a454c267-70b9-3bfc-af15-628bcc82d578}" = Webshots Desktop
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afreeCodecVT2" = afreeCodecVT
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audit Support Center" = Audit Support Center 1.0
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B2m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"home box office" = home box office Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/8/2010 11:09:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 7/8/2010 11:09:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 7/8/2010 11:09:39 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Bluetooth Service service
to connect.

Error - 7/8/2010 11:09:39 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Service service failed to start due to the following
error: %%1053

Error - 7/8/2010 11:10:12 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/8/2010 11:13:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/8/2010 11:16:59 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7038
Description = The RadeSvc service was unable to log on as .\Ctx_StreamingSvc with
the currently configured password due to the following error: %%1326 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 7/8/2010 11:16:59 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Citrix Streaming Service service failed to start due to the following
error: %%1069

Error - 7/8/2010 11:39:54 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7038
Description = The RadeSvc service was unable to log on as .\Ctx_StreamingSvc with
the currently configured password due to the following error: %%1326 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 7/8/2010 11:39:54 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Citrix Streaming Service service failed to start due to the following
error: %%1069


< End of report >

Edited by coyotehunnie, 09 July 2010 - 06:15 AM.
removed email. --ST



#2
RKinner (Malware Expert)
mostly when what?

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB  (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
	 
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.
  • Start > All Programs > Accessories > Command Prompt. Copy the following bolded command, then right-click and Paste, then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.




Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log x 2

Combofix log

TDSSKiller log

Ron
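
A reviewer reading the log that comes back from the Run Fix step wants to know which removals took effect, which targets were already absent, and whether the paste was complete. The following is an added example (not part of the post above and not OTL's own code): a small Python tally over constructed sample lines written in the style of OTL's fix output, where every path, CLSID and service name is made up.

```python
import re
from collections import Counter

# Constructed sample in the style of an OTL "Run Fix" log. All names are made up.
# The last line of the OTL section is deliberately cut short, as in a partial paste.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\Software\Example\\ExampleFlag|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\ deleted successfully.
C:\Program Files\ExampleToolbar\example.dll moved successfully.
Starting removal of ActiveX control {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Example\Run\\ExampleEntry deleted successfully.
Service ExampleSvc stopped successfully!
Service ExampleSvc deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Exam
========== COMMANDS ==========
[EMPTYTEMP]
User: Example
->Temp folder emptied: 1048576 bytes
->FireFox cache emptied: 2097152 bytes
Windows Temp folder emptied: 1048576 bytes
"""

# Result-line endings, checked in order; the text before the ending is the target.
OUTCOMES = [
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully[.!]$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("stopped", re.compile(r"^(?P<target>.+?) stopped successfully!$")),
    ("set", re.compile(r"^(?P<target>.+?) : value set successfully!$")),
]
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
EMPTIED = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def summarize(log_text):
    """Tally fix outcomes and collect lines a human should look at."""
    counts = Counter()
    not_found, unrecognized = [], []
    bytes_emptied = 0
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        emptied = EMPTIED.search(line)
        if emptied:
            bytes_emptied += int(emptied.group(1))
            continue
        if section != "OTL":
            continue  # only the OTL section carries per-item results
        for name, pattern in OUTCOMES:
            hit = pattern.match(line)
            if hit:
                counts[name] += 1
                if name == "not_found":
                    not_found.append(hit.group("target"))
                break
        else:
            # Progress banners are expected; anything else is flagged, not guessed at.
            if not line.startswith("Starting removal of"):
                unrecognized.append(line)
    return {
        "counts": dict(counts),
        "not_found": not_found,
        "unrecognized": unrecognized,
        "bytes_emptied": bytes_emptied,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["counts"])
    print("absent targets:", report["not_found"])
    print("review by hand:", report["unrecognized"])
    print("bytes emptied:", report["bytes_emptied"])
```

Lines the tally cannot classify are reported rather than counted, so a truncated paste or an unfamiliar result message shows up for manual review.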

#3
coyotehunnie

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks. I must've gotten cut off in the subject box. It was freezing when I was typing text into boxes on my browser. So I could browse all I wanted but as soon as I tried to type, say, a Facebook comment, or a reply in this box here, when I went to go hit send, it would freeze Firefox up. Sometimes it would completely close the browser with no warning. Oh, and Google Chrome will not run on the machine at all (I tried after thinking it was a Firefox problem). Keep getting the "oh snap" message. I even uninstalled Firefox and reinstalled. Created a new Firefox profile as well, per the directions on their website. Still no fix. Super annoying. It's working better today so I'm guessing that all the stuff I ran last night per the instructions might have helped.

I'll run all of these once I get home. On a work computer at the moment. Thanks for helping!

#4
coyotehunnie

    New Member

  • Topic Starter
  • Member
  • 4 posts
Ok here you go...

OTL first run

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25BC7718-0BFA-40EA-B381-4B2D9732D686}\ deleted successfully.
C:\Program Files\Yahoo!\Search Protection\ysp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
C:\Program Files\Yahoo!\Common\yiesrvc.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Starting removal of ActiveX control {0000000A-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMAVAX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0000000A-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0000000A-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
D:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
HidServ removed from NetSvcs value successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Ctx_StreamingSvc
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jocelyn
->Temp folder emptied: 4207994 bytes
->Temporary Internet Files folder emptied: 583807 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87909662 bytes
->Google Chrome cache emptied: 4788592 bytes
->Flash cache emptied: 1016 bytes

User: LocalService
->Temp folder emptied: 66016 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55095909 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 12952900 bytes

Total Files Cleaned = 158.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07102010_125243

Files\Folders moved on Reboot...
C:\WINDOWS\temp\WFV80.tmp moved successfully.

Registry entries deleted on Reboot...





OTL2 run

OTL logfile created on: 7/10/2010 1:07:07 PM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Jocelyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.14 Gb Total Space | 3.60 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 1.52 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOCELYNSLAPTOP
Current User Name: Jocelyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
PRC - [2010/06/26 04:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe
PRC - [2009/03/23 10:47:10 | 003,458,376 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7613\Webshots.scr
PRC - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/12 13:32:14 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/11 19:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2004/08/06 03:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 03:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 10:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.0\AGCoreService.exe -- (AGCoreService)
SRV - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/07/05 15:56:00 | 000,237,568 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)
SRV - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 15:15:53 | 000,295,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AAAAAAA.sys -- (AAAAAAA)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/05 16:50:20 | 000,161,352 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)
DRV - [2007/07/05 15:45:36 | 000,020,424 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/24 15:40:18 | 000,022,968 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)
DRV - [2007/03/22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/17 00:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/22 20:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 23:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 21:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/08/22 12:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 12:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 12:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/18 20:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2004/10/15 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2004/09/22 20:00:00 | 000,108,256 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 21:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 21:19:04 | 000,000,000 | ---D | M]

[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions
[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions\[email protected]
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions
[2009/04/27 12:27:03 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/08/23 10:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/03 00:10:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/21 19:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 19:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 19:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/06/21 19:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/07/05 16:36:14 | 000,015,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nprade.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/21 19:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/07/08 21:47:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 12:52:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/08 23:31:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Malwarebytes
[2010/07/08 23:21:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 23:21:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 23:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 23:20:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 23:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/08 23:19:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:07:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 22:47:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jocelyn\Recent
[2010/07/08 22:44:34 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 21:37:36 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/07/08 21:37:36 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/07/08 21:37:36 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/07/08 21:37:36 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/07/08 21:37:35 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/07/08 21:37:35 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/07/08 21:37:35 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/07/08 21:37:35 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/07/08 21:37:35 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/07/08 21:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\SmitfraudFix
[2010/07/08 21:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/08 21:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\afreeCodecVT
[2010/07/08 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2010/07/08 21:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/07/08 21:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TiVo Shared
[2010/07/08 21:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/07/08 21:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2010/07/07 20:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\My Documents\Downloads
[2010/07/07 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\afreeCodecVT
[2010/07/07 08:36:26 | 002,833,691 | ---- | C] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/05/08 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\102ND200
[2010/05/07 09:44:54 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/18 22:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/04/18 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

========== Files - Modified Within 90 Days ==========

[2010/07/10 13:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/10 13:04:42 | 000,001,591 | ---- | M] () -- C:\hpqp.ini
[2010/07/10 13:04:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 13:04:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/10 13:03:44 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/07/10 13:03:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 13:03:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 13:03:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 13:03:24 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 19:47:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:47:05 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:43:33 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:23:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:20:54 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:19:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 23:19:07 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:06:37 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:56:36 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:45:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\CCleaner.lnk
[2010/07/08 22:44:37 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 22:40:03 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/07/08 22:23:48 | 004,583,424 | ---- | M] () -- C:\Documents and Settings\Jocelyn\NTUSER.DAT
[2010/07/08 22:23:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jocelyn\ntuser.ini
[2010/07/08 21:47:20 | 000,006,012 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 21:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 00:44:44 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:35 | 002,915,212 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/07 18:39:02 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 08:36:32 | 002,833,691 | ---- | M] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/07/04 03:05:57 | 000,254,384 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/07/04 02:49:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk
[2010/06/23 20:39:48 | 000,519,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:39:48 | 000,454,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:39:48 | 000,075,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 22:23:56 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 21:08:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/29 10:34:46 | 002,323,239 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:15:26 | 000,014,923 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:54 | 000,048,924 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:23 | 000,067,825 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/23 20:36:12 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/22 11:33:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ChaLEAN Extreme.xls
[2010/05/16 19:10:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 21:03:20 | 000,053,379 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:55:57 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/05/07 09:45:07 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/30 21:26:26 | 000,104,887 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 11:30:41 | 000,436,736 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:35:44 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:59 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:27:00 | 058,723,112 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/04/14 19:14:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/07/08 23:43:33 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:42:19 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:42:19 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:23:55 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:19:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 22:53:36 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:33 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:31:32 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 21:38:05 | 000,006,012 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:37:35 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/07/08 21:37:35 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/07/08 21:37:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/07/08 00:44:44 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:11 | 002,915,212 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/04 03:06:02 | 000,254,384 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/05/29 10:34:46 | 002,323,239 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:53 | 000,048,924 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:22 | 000,067,825 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/25 22:10:03 | 000,014,923 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/16 19:10:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 13:34:06 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/13 21:03:20 | 000,053,379 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:50:20 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/04/30 21:26:26 | 000,104,887 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/24 11:30:41 | 000,436,736 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:27:59 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:24:01 | 058,723,112 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/03/11 08:55:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/30 23:09:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/08/24 12:06:30 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/09/14 15:29:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/08 14:41:06 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/08 14:36:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/08 14:22:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 14:17:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/12 13:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/10 17:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 17:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/11/19 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/11/07 13:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2006/09/16 15:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/18 22:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/08 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/08 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/21 15:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/15 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/21 19:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/14 15:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\acccore
[2009/11/09 00:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\AGI
[2006/09/14 16:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Aim
[2008/07/21 12:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\ICAClient
[2010/07/08 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2006/09/14 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Webshots

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

ComboFix Scan

ComboFix 10-07-10.01 - Jocelyn 07/10/2010 13:26:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1368 [GMT -4:00]
Running from: c:\documents and settings\Jocelyn\Desktop\george.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jocelyn\g2mdlhlpx.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\AAAAAAA.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AAAAAAA


((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 17:20 . 2010-07-10 17:23 -------- d-----w- C:\george
2010-07-10 16:52 . 2010-07-10 16:52 -------- d-----w- C:\_OTL
2010-07-09 03:21 . 2010-07-09 03:21 -------- d-----w- c:\documents and settings\Jocelyn\Application Data\Malwarebytes
2010-07-09 03:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 03:21 . 2010-07-09 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 03:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 03:21 . 2010-07-09 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 03:19 . 2010-07-09 03:19 -------- d-----w- c:\program files\ERUNT
2010-07-09 02:53 . 2010-07-09 02:53 388096 ----a-r- c:\documents and settings\Jocelyn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 02:53 . 2010-07-09 02:53 -------- d-----w- c:\program files\Trend Micro
2010-07-09 01:10 . 2010-07-09 01:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\afreeCodecVT
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Convert AVI to MP4
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\program files\Bonjour
2010-07-09 01:09 . 2010-07-09 01:09 -------- d-----w- c:\documents and settings\Jocelyn\Application Data\Viewpoint
2010-07-07 22:40 . 2010-07-07 22:40 -------- d-----w- c:\windows\afreeCodecVT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 02:45 . 2006-12-19 18:19 -------- d-----w- c:\program files\CCleaner
2010-07-09 02:42 . 2010-02-02 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-09 01:09 . 2006-09-08 16:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-09 01:09 . 2006-09-08 18:39 -------- d-----w- c:\program files\DivX
2010-07-09 00:39 . 2006-09-14 19:32 -------- d-----w- c:\program files\Viewpoint
2010-07-09 00:39 . 2006-09-14 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-09 00:35 . 2006-09-08 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 00:33 . 2006-09-08 16:52 -------- d-----w- c:\program files\Sonic
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\32076\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\32076\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\32076\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\32076\AcrobatUpdater.exe
2010-05-16 23:10 . 2009-07-06 23:37 -------- d-----w- c:\program files\Google
2010-05-07 02:08 . 2010-05-07 02:08 862872 ------w- c:\documents and settings\Jocelyn\Application Data\yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-05-04 17:20 . 2004-08-04 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 21:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 02:35 . 2010-04-19 02:27 24 ----a-w- c:\windows\popcinfot.dat
2010-04-19 02:27 . 2010-04-19 02:27 0 ----a-w- c:\windows\popcreg.dat
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2004-08-04 21:00 . 2004-08-04 21:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-04 21:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-04 21:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-04 21:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-04 21:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-04 21:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-04 21:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-04 21:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-04 21:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Google Update"="c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-09 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-09 184320]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Jocelyn\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-11-7 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158262354\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\QuickPlay\\QPService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/1/2010 8:43 PM 207792]
R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [5/24/2007 3:40 PM 22968]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [9/16/2006 3:06 PM 58464]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.0\AGCoreService.exe [11/7/2009 1:40 PM 20480]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [7/5/2007 3:45 PM 20424]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [7/5/2007 4:50 PM 161352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/1/2010 8:43 PM 359624]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:08 PM 24652]
S2 gupdate1c9fe92be8a576c;Google Update Service (gupdate1c9fe92be8a576c);c:\program files\Google\Update\GoogleUpdate.exe [7/6/2009 7:37 PM 133104]
S2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-06 23:37]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 23:37]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 23:37]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
- c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 03:42]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
- c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 03:42]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.shopping.hp.com/webapp/shopping/generic_subcategory.do?storeName=storefronts&landing=storefronts&category=esp_notebooks&subcat1=esp_notebooks&catLevel=2
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Jocelyn\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AAAAAAA



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 13:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????e????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\windows\system32\EntApi.dll
c:\windows\system32\ieframe.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Citrix\System32\CdfSvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\AOL\1158262354\ee\aolsoftware.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Webshots\315~1.761\webshots.scr
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2010-07-10 13:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-10 17:41

Pre-Run: 3,788,308,480 bytes free
Post-Run: 3,677,675,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5A2819D7FB72F16C6CE971F6EB2E3206





TDSSKiller run

13:50:39:984 1952 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
13:50:39:984 1952 ================================================================================
13:50:39:984 1952 SystemInfo:

13:50:39:984 1952 OS Version: 5.1.2600 ServicePack: 3.0
13:50:39:984 1952 Product type: Workstation
13:50:39:984 1952 ComputerName: JOCELYNSLAPTOP
13:50:39:984 1952 UserName: Jocelyn
13:50:39:984 1952 Windows directory: C:\WINDOWS
13:50:39:984 1952 System windows directory: C:\WINDOWS
13:50:39:984 1952 Processor architecture: Intel x86
13:50:39:984 1952 Number of processors: 1
13:50:39:984 1952 Page size: 0x1000
13:50:39:984 1952 Boot type: Normal boot
13:50:39:984 1952 ================================================================================
13:50:40:171 1952 Initialize success
13:50:40:171 1952
13:50:40:171 1952 Scanning Services ...
13:50:40:265 1952 Raw services enum returned 386 services
13:50:40:281 1952
13:50:40:281 1952 Scanning Drivers ...
13:50:40:703 1952 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:50:40:796 1952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:50:40:812 1952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:50:40:843 1952 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:50:41:109 1952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:50:41:156 1952 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
13:50:41:296 1952 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:50:41:359 1952 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:50:41:453 1952 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:50:41:515 1952 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:50:41:531 1952 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:50:41:562 1952 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:50:41:609 1952 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:50:41:640 1952 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:50:41:671 1952 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:50:41:718 1952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:50:41:843 1952 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:50:41:937 1952 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:50:42:015 1952 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:50:42:109 1952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:50:42:203 1952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:50:42:234 1952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:50:42:265 1952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:50:42:281 1952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:50:42:312 1952 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys
13:50:42:468 1952 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys
13:50:42:578 1952 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:50:42:671 1952 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
13:50:42:718 1952 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
13:50:42:781 1952 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:50:42:796 1952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:50:42:812 1952 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:50:42:921 1952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:50:42:968 1952 cdfdrv (f0c409ba9b5e452c4cdbbc3ff8d7eb17) C:\WINDOWS\system32\DRIVERS\cdfdrv.sys
13:50:43:093 1952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:50:43:109 1952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:50:43:140 1952 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:50:43:203 1952 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:50:43:218 1952 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:50:43:234 1952 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:50:43:390 1952 ctxpidmn (b166617bc29a7df800afeb6d812bf06c) C:\WINDOWS\system32\DRIVERS\ctxpidmn.sys
13:50:43:421 1952 CtxSbx (b86c1da969df8d046515a0fdad7f192b) C:\WINDOWS\system32\DRIVERS\CtxSbx.sys
13:50:43:468 1952 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:50:43:562 1952 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:50:43:609 1952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:50:43:671 1952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:50:43:765 1952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:50:43:875 1952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:50:43:906 1952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:50:43:937 1952 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:50:43:968 1952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:50:44:015 1952 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:50:44:109 1952 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
13:50:44:156 1952 EntDrv51 (755b51fbf57e39db017ba4e6f3032c6f) C:\WINDOWS\system32\drivers\EntDrv51.sys
13:50:44:218 1952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:50:44:281 1952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:50:44:390 1952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:50:44:406 1952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:50:44:437 1952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:50:44:484 1952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:50:44:500 1952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:50:44:562 1952 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:50:44:578 1952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:50:44:640 1952 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
13:50:44:703 1952 HdAudAddService (5436705caaa08c9070251f3e949b83b7) C:\WINDOWS\system32\drivers\CHDAud.sys
13:50:44:765 1952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:50:44:859 1952 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:50:44:921 1952 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
13:50:44:953 1952 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:50:45:000 1952 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:50:45:046 1952 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:50:45:109 1952 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
13:50:45:203 1952 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
13:50:45:390 1952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:50:45:468 1952 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:50:45:578 1952 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:50:45:625 1952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:50:45:687 1952 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:50:45:843 1952 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:50:46:000 1952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:50:46:062 1952 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:50:46:093 1952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:50:46:140 1952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:50:46:171 1952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:50:46:203 1952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:50:46:265 1952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:50:46:312 1952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:50:46:843 1952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:50:47:781 1952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:50:48:609 1952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:50:48:640 1952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:50:48:656 1952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:50:48:687 1952 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
13:50:49:078 1952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:50:49:421 1952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:50:49:531 1952 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:50:49:625 1952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:50:49:703 1952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:50:49:734 1952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:50:49:828 1952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:50:49:937 1952 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
13:50:50:218 1952 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:50:50:312 1952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:50:50:468 1952 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:50:50:625 1952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:50:51:125 1952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:50:51:328 1952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:50:51:593 1952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:50:51:671 1952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:50:51:718 1952 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:50:51:843 1952 NaiAvFilter1 (b7334eee4ad6d63daea7ce109a0dc7ae) C:\WINDOWS\system32\drivers\naiavf5x.sys
13:50:51:906 1952 NaiAvTdi1 (577d668392eca8f47442db740a1dd76f) C:\WINDOWS\system32\drivers\mvstdi5x.sys
13:50:51:968 1952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:50:52:000 1952 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:50:52:015 1952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:50:52:250 1952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:50:52:281 1952 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
13:50:52:484 1952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:50:52:546 1952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:50:52:890 1952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:50:52:968 1952 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:50:53:078 1952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:50:59:109 1952
13:50:59:109 1952 Completed
13:50:59:109 1952
13:50:59:109 1952 Results:
13:50:59:109 1952 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:50:59:109 1952 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:50:59:109 1952
13:50:59:109 1952 KLMD(ARK) unloaded successfully

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your logs look pretty clean now. Combofix pulled out some stuff so perhaps that helped?

You have some leftover McAfee stuff. Run their removal tool:
1. Download the removal tool from: http://download.mcaf...atches/MCPR.exe
2. Click Save and save the file to a folder on your computer.
3. Navigate to the folder where the file was saved.
4. Make sure all McAfee windows are closed.
5. Double-click MCPR.exe to run the removal tool.


How is it running now?

Run the free on-line scan from Bitdefender:

Copy the next line by highlighting it and pressing Ctrl + C

http://www.bitdefend...nline/free.html

Close all programs and browsers. Start either IE or Firefox. Then click on the area where you put in the URL and paste (Ctrl + V). The line you copied should appear. Hit Enter. Do not run other programs or tabs while the scan is running. Copy and paste the report you get into a reply.

Ron

#6
coyotehunnie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
It's running much better now. Here's the log. McAfee removal wouldn't work. It won't let me turn it off - it's the Enterprise version. Does that make a difference?

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Sat Jul 10 16:58:59 2010
Machine ID: 3639B035



No infection found.
-------------------



Processes
---------
<unsigned> AGCoreService 804 C:\Program Files\AGI\core\4.0\AGCoreService.exe
<unsigned> Bluetooth Software 4.0.1.3500 884 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
<unsigned> Bluetooth Software 4.0.1.3500 4080 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
<unsigned> Bluetooth Software 4.0.1.3500 1932 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
<unsigned> Citrix Presentation Server 896 C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
<unsigned> Hewlett-Packard hpgs2wnd 348 C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
<unsigned> hp digital imaging 2704 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
<unsigned> HP Quick Launch Buttons 3008 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
<unsigned> HP QuickPlay 1840 C:\Program Files\HP\QuickPlay\QPService.exe
<unsigned> HP Wireless Assistant 3076 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
<unsigned> hpgs2wnf Module 676 C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
<unsigned> hpqwmiex Module 2436 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
<unsigned> InstallShield Update Service 1680 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> LightScribe 1584 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> McAfee Common Framework 1704 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
<unsigned> McAfee Common Framework 1896 C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
<unsigned> McAfee Common Framework 3992 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
<unsigned> Pop-Up Stopper Free Edition 2120 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
<unsigned> QuickTime 604 C:\Program Files\QuickTime\QTTask.exe
<unsigned> TalkBack Monitor 4088 C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
<unsigned> Viewpoint Manager 2312 C:\Program Files\Viewpoint\Common\ViewpointService.exe
<unsigned> VirusScan (Enterprise, ASaP & Retail.) 1776 C:\Program Files\Network Associates\VirusScan\mcshield.exe
<unsigned> VirusScan Enterprise 3972 C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
<unsigned> VirusScan Enterprise 1876 C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

<verified> hpwuSchd Application 996 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
<verified> Adobe Reader and Acrobat Manager 1480 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> AOL Service Libraries 296 C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe
<verified> Apple Mobile Device Service 824 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> Bonjour 856 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Firefox 2676 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Intel® Common User Interface 3412 C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface 3448 C:\WINDOWS\system32\igfxpers.exe
<verified> Intuit Update Service 160 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
<verified> iTunes 3716 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 956 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U13 1460 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft Distributed Transaction Coord 744 C:\WINDOWS\system32\msdtc.exe
<verified> Microsoft Message Queue 2464 C:\WINDOWS\system32\mqsvc.exe
<verified> Microsoft Message Queue 2776 C:\WINDOWS\system32\mqtgsvc.exe
<verified> Microsoft® Windows® Operating System 2604 C:\WINDOWS\explorer.exe
<verified> Microsoft® Windows® Operating System 3900 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 976 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 2036 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 2188 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3252 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1540 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1696 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1604 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3352 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 2244 C:\WINDOWS\system32\wdfmgr.exe
<verified> Microsoft® Windows® Operating System 1088 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 3160 C:\WINDOWS\system32\wscntfy.exe
<verified> PC Tools Auxiliary Service 668 C:\Program Files\Spyware Doctor\pctsAuxs.exe
<verified> Synaptics Pointing Device Driver 3268 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> The Webshots Desktop 3348 C:\Program Files\Webshots\3.1.5.7613\Webshots.scr
<verified> Viewpoint Manager 2820 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
<verified> Yahoo! AutoUpdater 2360 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process firefox.exe (2676) connected on port 80 (HTTP) --> CRL.VERISIGN.NET
Process firefox.exe (2676) connected on port 80 (HTTP) --> a96-6-124-72.deploy.akamaitechnologies.com
Process firefox.exe (2676) connected on port 80 (HTTP) --> a69-192-21-115.deploy.akamaitechnologies.com
Process firefox.exe (2676) connected on port 80 (HTTP) --> a72-246-94-75.deploy.akamaitechnologies.com
Process firefox.exe (2676) connected on port 80 (HTTP) --> lax04s01-in-f100.1e100.net

Process svchost.exe (1396) listens on ports: 135 (RPC)
Process svchost.exe (1696) listens on ports: 2869 (SSDP event notification, UPNP)
Process mqsvc.exe (2464) listens on ports: 1029 (RPC), 1801 (MSMQ), 2103 (MSMQ-RPC), 2105 (MSMQ-RPC), 2107 (MSMQ-Mgmt)


Autoruns and critical files
---------------------------
<unsigned> cpqset.exe C:\Program Files\HPQ\Default Settings\cpqset.exe
<unsigned> Hewlett-Packard hpgs2wnd C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
<unsigned> hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
<unsigned> HP PhotoSmart Software C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
<unsigned> HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
<unsigned> HP QuickPlay C:\Program Files\HP\QuickPlay\QPService.exe
<unsigned> HP Wireless Assistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
<unsigned> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
<unsigned> McAfee Common Framework C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
<unsigned> Pop-Up Stopper Free Edition C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> Recguard Application C:\Windows\SMINST\RecGuard.exe
<unsigned> TalkBack Monitor C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
<unsigned> VirusScan Enterprise C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

<verified> hpwuSchd Application C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> Google Update C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
<verified> IPHSend C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\CHDAudPropShortcut.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\regsvr32.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
<verified> Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> The Webshots Desktop Launcher C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
<unsigned> devenum.exe C:\WINDOWS\Downloaded Program Files\devenum.exe
<unsigned> dshortcut Application C:\WINDOWS\Downloaded Program Files\shortcut.exe
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> Hewlett-Packard Monitor Service C:\WINDOWS\Downloaded Program Files\hpmonZ.exe
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> Java™ Platform SE 6 U13 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
<unsigned> News America Marketing Inc. Coupon Mana C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
<unsigned> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<unsigned> nprade.dll C:\Program Files\Mozilla Firefox\plugins\nprade.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
<unsigned> unzip.exe C:\WINDOWS\Downloaded Program Files\unzip.exe
<unsigned> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll

<verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> AOL Instant Messenger C:\Program Files\AIM\aim.exe
<verified> AOL Media Playback Control C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> CgpCore.dll C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
<verified> Citrix ICA Client C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll
<verified> Citrix ICA Client C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll
<verified> Citrix ICA Client C:\Program Files\Mozilla Firefox\plugins\icafile.dll
<verified> Citrix ICA Client C:\Program Files\Mozilla Firefox\plugins\icalogon.dll
<verified> Citrix SSL SDK C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll
<verified> confmgr.dll C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
<verified> Hewlett-Packard Online Support Services C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
<verified> Java™ Platform SE 6 U13 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> logging.dll C:\Program Files\Mozilla Firefox\plugins\logging.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Move Streaming Media Player C:\Documents and Settings\Jocelyn\Application Data\Move Networks\plugins\npqmp071505000010.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npicaN.dll C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> TcpPServ.dll C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
<verified> Viewpoint Toolbar (IE Host) c:\program files\common files\viewpoint\toolbar runtime\3.9.0\ieviewbar.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


Missing files
-------------
File not found: C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\george6531g\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: mscoree.dll
referenced in: HKCR\CLSID\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}\InprocServer32\(default)
referenced in: HKCR\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\InprocServer32\(default)

File not found: system32\DRIVERS\UIUSYS.SYS
referenced in: HKLM\System\ControlSet001\services\UIUSys\"ImagePath"


Scan
----
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: 51bcb411ca018ed7aba582d3c3028324 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: 90fb5f3b7805c1a1b0c3f0add4905fd2 C:\Program Files\Mozilla Firefox\plugins\nprade.dll
<unsigned> MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
<unsigned> MD5: 7206da15f187595389741f85dc47d2a5 C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: c8beebd0c2f316c07cec2286959a952e C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll
<unsigned> MD5: 180f5d67388d8ff52d61a8a1b6325dd5 C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll
<unsigned> MD5: 52d7faed86df2e2cfa53a84db09c29e3 C:\Program Files\Network Associates\Common Framework\applib.dll
<unsigned> MD5: 3b2b513a3e40bcc5733eb4229c82aaf1 C:\Program Files\Network Associates\Common Framework\cmalib.dll
<unsigned> MD5: a80f0e7dc789150c3ae4f504e3b96b06 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
<unsigned> MD5: 7655bc44149cc7e2c2d7c12443e8bfe0 C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll
<unsigned> MD5: a07004e43c252d3cfb0759d620aec69e C:\Program Files\Network Associates\Common Framework\InternetManager.dll
<unsigned> MD5: 3d908b0ace675e8dd64c7c72c64e3ca3 C:\Program Files\Network Associates\Common Framework\Logging.dll
<unsigned> MD5: d96bae2966dd404ec6947caccfa33b68 C:\Program Files\Network Associates\Common Framework\Management.dll
<unsigned> MD5: 3eaa08b3aa2d1f4fa4c2153b994220ac C:\Program Files\Network Associates\Common Framework\naCmnLib.dll
<unsigned> MD5: 317be5b6e5ac46668c6adcffe46d5d55 C:\Program Files\Network Associates\Common Framework\nailog.dll
<unsigned> MD5: daad2174fdb5e9b4ce734e338c7a8134 C:\Program Files\Network Associates\Common Framework\naInet.dll
<unsigned> MD5: 43d6b69fbdfa22e36c17d4d68d70078b C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll
<unsigned> MD5: 331b69d20d0983b93baf2f7e6daebb80 C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
<unsigned> MD5: ebe10d661df075bad51b8a704c45e48c C:\Program Files\Network Associates\Common Framework\naXML.dll
<unsigned> MD5: b3d22a483875a61cb2060c7d518effc2 C:\Program Files\Network Associates\Common Framework\PSAPI.dll
<unsigned> MD5: e3e54839572a89099b2f9f39403f3d12 C:\Program Files\Network Associates\Common Framework\Scheduler.dll
<unsigned> MD5: 6654bca6be7dca91723be57a5f1e25ed C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll
<unsigned> MD5: 77f670bde28573c56991376f0fea21ce C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll
<unsigned> MD5: cd89d4bff57a5c6459f4166c3b96a40c C:\Program Files\Network Associates\Common Framework\TCSubSys.dll
<unsigned> MD5: e4a7b1aa1e40676153a824ac00ec3450 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
<unsigned> MD5: c821005b332d1bec2c875095f9f7e327 C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll
<unsigned> MD5: c8c5efc0500be8268ed3f2a04c28a56f C:\Program Files\Network Associates\Common Framework\UserSpace.dll
<unsigned> MD5: 465b650f5018354126ecaf893a61b031 C:\Program Files\Network Associates\VirusScan\bbcpl.dll
<unsigned> MD5: 9acb58814ca332597ce341c585190a84 C:\Program Files\Network Associates\VirusScan\coptcpl.dll
<unsigned> MD5: 69de222ce562c78b654feea0c36863bd C:\Program Files\Network Associates\VirusScan\emcfgcpl.dll
<unsigned> MD5: 1486de1d0595dae8fef3a3d2a173fb06 C:\Program Files\Network Associates\VirusScan\entsrv.dll
<unsigned> MD5: c973671734a249055b5976508a60f6d9 C:\Program Files\Network Associates\VirusScan\ftcfg.dll
<unsigned> MD5: 59a18e24d987b8d859b0a39faebf5b6c C:\Program Files\Network Associates\VirusScan\ftl.dll
<unsigned> MD5: ee0569c10c75ba45aabfa3cdef7cb18c C:\Program Files\Network Associates\VirusScan\graphics.dll
<unsigned> MD5: fe7985dae11fa70829762c5af39dbb27 C:\Program Files\Network Associates\VirusScan\mcshield.exe
<unsigned> MD5: 465bb1099fca051298316fc1f054b1b8 C:\Program Files\Network Associates\VirusScan\midutil.dll
<unsigned> MD5: 1ab3218e6c25a93167244fd0297ccf66 C:\Program Files\Network Associates\VirusScan\mytilus.dll
<unsigned> MD5: d91a0ad2e60b7c689953e655a5d36659 C:\Program Files\Network Associates\VirusScan\naeventu.dll
<unsigned> MD5: 44db0383ba983eeed9167709e27016ea C:\Program Files\Network Associates\VirusScan\naiann.dll
<unsigned> MD5: 524edf546197038a752d39e89f428e37 C:\Program Files\Network Associates\VirusScan\naicondl.dll
<unsigned> MD5: a6d84be6b57d94036dd2e0f1d7651d44 C:\Program Files\Network Associates\VirusScan\naiwmain.dll
<unsigned> MD5: eafb7fe3dc71da9c7c79b36f1e95c299 C:\Program Files\Network Associates\VirusScan\nvpcpl.dll
<unsigned> MD5: 11e5a4fdae5496a34d709107573e6a6d C:\Program Files\Network Associates\VirusScan\oascpl.dll
<unsigned> MD5: f12add16830d9fc8952670c1c87427c0 C:\Program Files\Network Associates\VirusScan\Res09\mcshield.dll
<unsigned> MD5: e3d7fe2155b0a67a0550f7944178f4dc C:\Program Files\Network Associates\VirusScan\Res09\naevtres.dll
<unsigned> MD5: 7d00b23b645a1751d400a3d13a6ae73d C:\Program Files\Network Associates\VirusScan\Res09\product.dll
<unsigned> MD5: d0f02a1fff40d46b56fc31aee6e1453f C:\Program Files\Network Associates\VirusScan\Res09\semalres.dll
<unsigned> MD5: aafbae919bd9888459f13967c6017787 C:\Program Files\Network Associates\VirusScan\Res09\shextres.dll
<unsigned> MD5: 6beacced7b7f601fbb031eec3af78312 C:\Program Files\Network Associates\VirusScan\Res09\shstat.dll
<unsigned> MD5: 5752d086a2020084a6cef2015d04b17d C:\Program Files\Network Associates\VirusScan\Res09\shutilrc.dll
<unsigned> MD5: 4bf76abddb35f65af7b1186136975411 C:\Program Files\Network Associates\VirusScan\Res09\vstskmgr.dll
<unsigned> MD5: c4628f4a28c5230a0a0359bf98ace67a C:\Program Files\Network Associates\VirusScan\shext.dll
<unsigned> MD5: 7fdd96f93adbe7e986aabae0ca446011 C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
<unsigned> MD5: e894400561f248970d906f4c4a757146 C:\Program Files\Network Associates\VirusScan\shutil.dll
<unsigned> MD5: 24ff5da209f3eb28d780922db1849450 C:\Program Files\Network Associates\VirusScan\vsidsvr.dll
<unsigned> MD5: fe9d8b60cf998a2d19eb134549a4692a C:\Program Files\Network Associates\VirusScan\vsodscpl.dll
<unsigned> MD5: 90bdb3e8ae72e65f1fff7408d4a7d020 C:\Program Files\Network Associates\VirusScan\vsplugin.dll
<unsigned> MD5: dae0d925fa8d4aec46e924a136b93a32 C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
<unsigned> MD5: 4517492f9ea3af9c3c80e5ca7cebfca8 C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll
<unsigned> MD5: fd8aa90a78160e4374ee44d892e0de3a C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
<unsigned> MD5: a84e7d2fc9648943d072c606f04fe1c4 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
<unsigned> MD5: dd7b6b5e905b081d1fbbc714e9350b4e C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
<unsigned> MD5: 773bc5140191244d62045bf911be6a84 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
<unsigned> MD5: fabad2bfd44661d8cc627e5485bfafaf C:\Program Files\QuickTime\QTTask.exe
<unsigned> MD5: d622530829e35d75526a814375eebcfd C:\Program Files\Viewpoint\Common\ViewpointService.exe
<unsigned> MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
<unsigned> MD5: 189c45c7cc2526da72932872e152a061 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
<unsigned> MD5: 86c490366d190c15cac2a6dfe17858e4 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
<unsigned> MD5: 30ea62894cb7ca6bc9d9c50aa89127db C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
<unsigned> MD5: 95a5842ea6a74542a56ec7bf3b87a896 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
<unsigned> MD5: a2cd5b30a85f087de72cd3a116bd7512 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
<unsigned> MD5: cd99c9feae87c1963273f6b150251e33 C:\Program Files\Windows Media Connect 2\wmccds.exe
<unsigned> MD5: 6efe29f123e58a6333f50beca863da42 C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<unsigned> MD5: e508b0095d4871a6db4ab32b878501ee C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
<unsigned> MD5: 331b69d20d0983b93baf2f7e6daebb80 C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
<unsigned> MD5: fd8aa90a78160e4374ee44d892e0de3a C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
<unsigned> MD5: 4faa49ec49d9dd5d1aed49ad15154355 C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psgain3.dll
<unsigned> MD5: 3a8fbcf0aa83a49c4a0c222d6fb53d91 C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psie6.dll
<unsigned> MD5: 2b1ebdf48539125e64667d6ee4ad951f C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns4.dll
<unsigned> MD5: 1fa901b5134db22daaff08ff34d6ee56 C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns7.dll
<unsigned> MD5: dc2397c6c5cf3c6f3a3abeca3054e31f C:\PROGRA~1\PANICW~1\POP-UP~1\XA\pswmsg.dll
<unsigned> MD5: 3e6298139c065bc82859c72d17c02a01 C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll
<unsigned> MD5: a1b44c0a1ad71f86579a4521d5b1c024 C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
<unsigned> MD5: f93a72045d60e0171841525713937a93 C:\WINDOWS\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
<unsigned> MD5: 10aab6ed3e5aae3865e9553a6f8f5442 C:\WINDOWS\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
<unsigned> MD5: 852c905609cb5a57f8a8620a7df6fdcf C:\WINDOWS\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
<unsigned> MD5: 48d64cb65944b07d01e3cd32c4734453 C:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
<unsigned> MD5: 490285ce5ad7d0425e10b7a4920ccfb8 C:\WINDOWS\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
<unsigned> MD5: 8d246d90f457beae9abd1c70a0bf41e2 C:\WINDOWS\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
<unsigned> MD5: f13bbf430e5116dcec3f37f60c11fc5b C:\WINDOWS\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
<unsigned> MD5: 339d5f227a3d562851cb196ba43beaed C:\WINDOWS\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
<unsigned> MD5: 7b5399123dd881c7107a34a293c972ca C:\WINDOWS\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
<unsigned> MD5: 561991c7a5fc4b7fb7ecdbc6b206de9b C:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
<unsigned> MD5: d765a51c0ac6bddd32d2ec633f804c0d C:\WINDOWS\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
<unsigned> MD5: bedb219af28005ec174b5de51bc25498 C:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
<unsigned> MD5: 724eb00e5a97d6ca5d3cd902d2a0feea C:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
<unsigned> MD5: 270cc0f5b8215ef8e44028c88fddfdb8 C:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
<unsigned> MD5: a057d8d1332cd79ebb8165d642c1c773 C:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
<unsigned> MD5: d7de2f92f663f9ac02221e72cbf3d2dc C:\WINDOWS\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
<unsigned> MD5: 8567a68b120374af07a8e83587731cf5 C:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
<unsigned> MD5: f351baf721f3e07e91e8378644af0af5 C:\WINDOWS\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
<unsigned> MD5: e3b168bb340c3bb7687ce1d65711ff3c C:\WINDOWS\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
<unsigned> MD5: 5380e428e98ebc89bdf8ce618896487c C:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
<unsigned> MD5: 100b1bfa7334e89da7922d090b00b62f C:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
<unsigned> MD5: 3b51204d08ff98e01da93c334dc5b9ac C:\WINDOWS\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
<unsigned> MD5: df7b295804ede1f2d933b138687f2730 C:\WINDOWS\assembly\GAC\Interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
<unsigned> MD5: f89bdd4110a8f493ab2e4637f52eb1f4 C:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
<unsigned> MD5: c2808d9ec312e38a30b432daaa91ea62 C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
<unsigned> MD5: f5a621c69b659258e5164306a15c9caa C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
<unsigned> MD5: b8549829aabd31329cb20367f05630ea C:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.dll
<unsigned> MD5: d086d14ae3e163dd38230cbc804c6747 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
<unsigned> MD5: 4bbf2f7e4f0f21fdcf30f540e7331bd7 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.dll
<unsigned> MD5: 335270904fed5f3629fe0d2fcab7bd4f C:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\LEAD.Wrapper.dll
<unsigned> MD5: 648fe0d27734bb73ef04bc6789b20935 C:\WINDOWS\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\LEAD.dll
<unsigned> MD5: bcf15390de7368639c593735bf938d7a C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
<unsigned> MD5: 2814e9bdb75088c0b4cf6c1123f6ec8e C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
<unsigned> MD5: a5205b3af85b1477ab2c2a1e12201598 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
<unsigned> MD5: 83928671ccc704d32c363461ca6dec83 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
<unsigned> MD5: bd1e2bb8c96105353078ad23ff5489d0 C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
<unsigned> MD5: 16f96c1496cbd0965285ab19a9271d02 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
<unsigned> MD5: f054572a92573ca32d5f3aa8c15d2bac C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
<unsigned> MD5: 34dcf0e4754f8fa599e33aa444742481 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
<unsigned> MD5: 58ed45bfb06ec7c6b7d151b77247e4b3 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
<unsigned> MD5: 8da93d9a662e4ba18802bc6c2ccacd66 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
<unsigned> MD5: 5ac46a3a31bc58e512c4cafd87327922 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
<unsigned> MD5: 04de2774c2a6602da45e9e76d46bc071 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
<unsigned> MD5: 7e1174e9a3d17855680e144aa5d130a1 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
<unsigned> MD5: b89cb7f3f1a1e2807e708f5435deb13d C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
<unsigned> MD5: c1c4025b5f5311ac8bcc318b0c244d58 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
<unsigned> MD5: 179cc375c81b39902825abfe3a7cd49d C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
<unsigned> MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
<unsigned> MD5: 50d2943d426ba91771ad87fdec802ac3 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
<unsigned> MD5: 4bbb50ee0660ad59380e27ea00f318c9 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
<unsigned> MD5: eb97291e3c9e0035b47b45dbb1af710d C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
<unsigned> MD5: 3ee2db3c94e0ff6f724e61bcc1c04a93 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
<unsigned> MD5: b06f5a8b5fda2137fd450d32533599e5 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_37e6a10d\mscorlib.dll
<unsigned> MD5: 8de743aa719697e950f0d8bdb04d3bc2 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d8960466\System.Drawing.dll
<unsigned> MD5: b464610bdb6cc1e96facc42116d1efa0 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1df56f17\System.Windows.Forms.dll
<unsigned> MD5: eba6762c3b97c778acf61f846d1be8b6 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_64753cef\System.Xml.dll
<unsigned> MD5: 36e831d5c7d4b026830cf4fbfd7c734c C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_dac38e9d\System.dll
<unsigned> MD5: fc6427ffb3d95cf1bb9babe68baa8385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
<unsigned> MD5: da3b1ff2c0b0e43e64a357a4e38832b5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
<unsigned> MD5: 7620e44114d390e490761acf9f1281be C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
<unsigned> MD5: 7fae0e3b3a3076c3ab57b77d1c332fbb C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
<unsigned> MD5: 7c009119f6851465acd1d21f7aee2125 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
<unsigned> MD5: 2e5bcdaabd77e54f65f39c8846748130 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
<unsigned> MD5: 121d3e27e960a65e82a9acf16dca01c9 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
<unsigned> MD5: 3bfe3d86bb8101acf59e532e612ec4c6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
<unsigned> MD5: 65596ed3aa82139641b6a638b45f345c C:\WINDOWS\Downloaded Program Files\devenum.exe
<unsigned> MD5: 3fea9d2edf23b0283c7a66c8dea380bd C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> MD5: cdbe35ea59bc9223e4f800bd1db82d27 C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> MD5: 63853366ba3ea71eecfd781882e29752 C:\WINDOWS\Downloaded Program Files\hpmonZ.exe
<unsigned> MD5: b8f39c9e0f0b71e454dba431cf3b99c9 C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> MD5: e01a69649500d30808e28bfdae8acc41 C:\WINDOWS\Downloaded Program Files\shortcut.exe
<unsigned> MD5: 6f678556a6fce04fc94f3435f6313705 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
<unsigned> MD5: bc297d140484961f3ac3df545c1a73b9 C:\WINDOWS\Downloaded Program Files\unzip.exe
<unsigned> MD5: 7c87a5fb95777e4132b11fc3d92caaf5 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
<unsigned> MD5: f34d92fba77df7e0b5fdf17f9cd2ab9a C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
<unsigned> MD5: 5170eba2334e0533ed4cdaa27f1d930b C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
<unsigned> MD5: 2f67c092a56f2814be4c75ede8d1e176 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
<unsigned> MD5: 82a90e50aeba92cf47f341066c5efefc C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
<unsigned> MD5: ac1a02176f7c608e0cd971acf4bb91aa C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
<unsigned> MD5: c764f15f0ae8a02df1523cb24f355b22 C:\Windows\SMINST\RecGuard.exe
<unsigned> MD5: 8f2097e8b174f38178570c611464935f C:\WINDOWS\system32\atl71.dll
<unsigned> MD5: 6bb3f825486d14a0284d98683c10bf9e C:\WINDOWS\system32\BtAudioHelper.dll
<unsigned> MD5: 70391d4cb81c70a23c277f2fec4583a9 C:\WINDOWS\system32\bthcrp.dll
<unsigned> MD5: d076ddc79eec189df9f6c840ee6f3685 C:\WINDOWS\system32\btins.dll
<unsigned> MD5: a92ee1c7f2acdbae09e910c490244a70 C:\WINDOWS\system32\BTNCopy.dll
<unsigned> MD5: b2445ddeb7f87710ec2baa5984bcfe9a C:\WINDOWS\system32\btosif.dll
<unsigned> MD5: 61265a5a4b75a052c89a71835f3c8069 C:\WINDOWS\system32\btrez.dll
<unsigned> MD5: b66fd278bd43663066956507ece492ae C:\WINDOWS\system32\btwhidcs.dll
<unsigned> MD5: 26aa1984ec4e50e4d91c25ec46e11aa8 C:\WINDOWS\system32\CSH.DLL
<unsigned> MD5: 3bc0afbd546162fe6ed6ccb15befad73 C:\WINDOWS\system32\drivers\btaudio.sys
<unsigned> MD5: 9515d10ceaf284ab1a21934e1958d4fd C:\WINDOWS\system32\DRIVERS\btkrnl.sys
<unsigned> MD5: 1d25fb8b6b073e6f4fb51034f734ea2c C:\WINDOWS\system32\DRIVERS\btport.sys
<unsigned> MD5: 66bff2643e5f6a0f80208dde1c4b653a C:\WINDOWS\system32\DRIVERS\btwdndis.sys
<unsigned> MD5: 4272bab9291d26da5ac913bc79c3ce85 C:\WINDOWS\System32\Drivers\btwusb.sys
<unsigned> MD5: b166617bc29a7df800afeb6d812bf06c C:\WINDOWS\system32\drivers\CTXPIDMN.sys
<unsigned> MD5: b86c1da969df8d046515a0fdad7f192b C:\WINDOWS\system32\drivers\CTXSBX.sys
<unsigned> MD5: 577d668392eca8f47442db740a1dd76f C:\WINDOWS\system32\drivers\mvstdi5x.sys
<unsigned> MD5: b7334eee4ad6d63daea7ce109a0dc7ae C:\WINDOWS\system32\drivers\naiavf5x.sys
<unsigned> MD5: cf0376023360aadd55c89ba50564afdc C:\WINDOWS\system32\mdimon.dll
<unsigned> MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\mfc71.dll
<unsigned> MD5: baf751e7061ff626aa60f56d1d5d1fdc C:\WINDOWS\system32\MFC71ENU.DLL
<unsigned> MD5: 561fa2abb31dfa8fab762145f81667c2 C:\WINDOWS\system32\msvcp71.dll
<unsigned> MD5: 58e13a2292839321d3cdc918d5a4f5ae C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
<unsigned> MD5: 0c84e931f21c6fa8cd416027d02af6ce C:\WINDOWS\system32\wbtapi.dll
<unsigned> MD5: bf447d08ce2d5a2b1695fb694c4bef42 C:\WINDOWS\system32\WidcommSdk.dll
<unsigned> MD5: 9631b15db7c43c267636ff43c3075e07 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d8960466\System.Drawing.dll

Upload started - 1 file(s)
System.Drawing.dll (835584)
Upload speed - 24 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 37 sec
Total traffic - 0.89 MB sent, 3.92 KB recvd
Scanned 1511 files and modules - 176 seconds

==============================================================================
#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Appears that Network Associates and McAfee are the same people these days so that was my mistake.

Your logs look pretty clean now so I guess we are done after a little housekeeping.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp
Don't let them install the Yahoo Toolbar or anything but the Java (you have to uncheck the Yahoo Toolbar or you will get it foisted on you).


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

Ron
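
The Java clean-up step in the post above, as an added example that is not part of the original thread: it parses the installed-program lines quoted in the post, keeps the newest runtime present and lists the rest as removal candidates. The function names, the name-matching pattern and the GUID cross-check (a pattern observed in the eight `3248F0A8` entries on this page, not a documented format) are assumptions.

```python
import re

# Installed-program lines copied from the listing quoted in the post, plus one
# constructed non-Java line (the last) to show that unrelated software is skipped.
LISTING = """\
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{00000000-0000-0000-0000-000000000000}" = Example Media Player 2.1
"""

# One listing line: "{GUID}" = Display name
ENTRY = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.+?)\s*$')

# Display names used in the listing: "J2SE Runtime Environment 5.0 Update 6",
# "Java™ SE Runtime Environment 6 Update 1", "Java™ 6 Update 13".
# Anchored so that names such as "JavaScript Editor 3" do not match.
JAVA_NAME = re.compile(
    r'^(?:J2SE|Java(?:\(TM\)|™)?)\s(?:SE\s)?(?:Runtime Environment\s)?'
    r'(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?',
    re.IGNORECASE,
)

# Assumption drawn from the entries on this page: GUIDs with this prefix end in
# six digits "1MxUUx", where M is the major version and UU the update number.
SUN_PREFIX = "{3248F0A8-6813-11D6-A77B-00B0D0"


def parse_listing(text):
    """Return [(guid, name, (major, update))] for each Java runtime line."""
    runtimes = []
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        guid, name = entry.groups()
        version = JAVA_NAME.match(name)
        if not version:
            continue  # not a Java runtime
        major, update = int(version.group(1)), int(version.group(2) or 0)
        runtimes.append((guid, name, (major, update)))
    return runtimes


def guid_version(guid):
    """Decode (major, update) from a 3248F0A8-style GUID, else None."""
    if not guid.upper().startswith(SUN_PREFIX):
        return None
    digits = guid[len(SUN_PREFIX):-1]
    if len(digits) != 6 or not digits.isdigit():
        return None
    return int(digits[1]), int(digits[3:5])


def removal_candidates(text):
    """Return (newest, stale): the newest runtime and all older ones, oldest first."""
    runtimes = parse_listing(text)
    if not runtimes:
        return None, []
    newest = max(runtimes, key=lambda r: r[2])
    stale = sorted((r for r in runtimes if r[2] < newest[2]), key=lambda r: r[2])
    return newest, stale


def name_guid_mismatches(text):
    """Entries whose display name disagrees with the version encoded in the GUID."""
    return [r for r in parse_listing(text)
            if guid_version(r[0]) not in (None, r[2])]


if __name__ == "__main__":
    newest, stale = removal_candidates(LISTING)
    print("Newest installed:", newest[1])
    for guid, name, _ in stale:
        print("Remove:", name, guid)
    print("Name/GUID mismatches:", name_guid_mismatches(LISTING))
```

The "newest" entry is only the newest of what this listing contains. The post's instruction is to install the current Java first, after which every line in this listing is a removal candidate.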