Annoying pop-up "blueskyadagancy" please help


#1 maccini (Member, 13 posts)
Hi, I can't get rid of these "blueskyadagency" pop-up messages when running Firefox. It's also slowing down my system. I have run Malwarebytes, Ad-Aware, Spyware Dr and Spybot. They removed the trojan but it keeps coming back. I am adding my HijackThis log and ComboFix log.

Thanks,

-Rich


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:48 PM, on 2/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1232082046\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11894 bytes
ComboFix 09-02-19.01 - Rich 2009-02-20 22:03:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2013.913 [GMT -5:00]
Running from: c:\users\Rich\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\41b29219-ccbb-00c1-88e6-e586c66fba8c.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
Q:\Autorun.inf
S:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dibs.ddni.net
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 06:48 . 2009-02-17 06:48 <DIR> d-------- c:\program files\MetaStream
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\users\All Users\Viewpoint
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\programdata\Viewpoint
2009-02-17 01:16 . 2009-02-17 01:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 05:04 . 2009-02-16 00:09 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-16 00:09 . 2009-02-16 00:09 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\users\All Users\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\programdata\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 17:42 . 2009-02-15 17:42 347,019 --a------ c:\windows\xwbsp37588.exe
2009-02-15 17:42 . 2009-02-15 17:42 132,880 --a------ c:\windows\System32\MSINET.OCX
2009-02-15 17:41 . 2009-02-15 17:42 4,623,480 --a------ c:\windows\mwsnu6641.exe
2009-02-15 17:41 . 2009-02-15 17:41 28,672 --a------ c:\windows\lujl83531.exe
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\programdata\TEMP
2009-02-14 15:26 . 2009-02-14 15:26 <DIR> d-------- c:\users\Rich\AppData\Roaming\Talkback
2009-02-14 11:57 . 2009-02-14 11:57 <DIR> d-------- c:\program files\Sony Corporation
2009-02-11 11:24 . 2009-02-11 11:24 <DIR> d--hs---- c:\windows\ftpcache
2009-02-11 10:05 . 2009-02-11 10:05 <DIR> d-------- c:\windows\Sun
2009-02-11 06:45 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 06:45 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-06 18:06 . 2009-02-06 18:06 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\AOL
2009-02-06 16:42 . 2009-02-06 16:42 784 --a------ c:\windows\System32\Local Area Connection.xml
2009-02-06 15:54 . 2009-02-06 15:55 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\Lenovo
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Videos
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Searches
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Saved Games
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Pictures
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Music
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Links
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Downloads
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Documents
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Contacts
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> d--h----- c:\users\ihateaol\AppData
2009-02-06 15:53 . 2009-02-15 10:13 <DIR> d-------- c:\users\ihateaol
2009-02-05 20:07 . 2009-02-05 20:07 <DIR> d-------- c:\users\Guest\AppData\Roaming\AOL
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Videos
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Searches
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Saved Games
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Pictures
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Music
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Links
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Downloads
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Documents
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Contacts
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d-------- c:\users\Guest\AppData\Roaming\Lenovo
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d--h----- c:\users\Guest\AppData
2009-02-05 20:04 . 2009-02-15 10:13 <DIR> d-------- c:\users\Guest
2009-02-02 19:39 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-02 19:39 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-02 19:39 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-02 19:39 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-02 19:39 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-02 19:39 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-02 19:32 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-02 19:32 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-02 19:32 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-02 19:32 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-02 19:32 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 19:20 . 2009-02-16 12:54 <DIR> d-------- c:\users\Rich\Shared
2009-01-31 19:20 . 2009-02-16 16:37 <DIR> d-------- c:\users\Rich\Incomplete
2009-01-31 19:18 . 2009-02-16 14:36 <DIR> d-------- c:\users\Rich\AppData\Roaming\LimeWire
2009-01-31 19:18 . 2009-01-31 19:18 <DIR> d-------- c:\program files\LimeWire
2009-01-31 18:28 . 2009-02-16 00:09 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-31 18:28 . 2009-01-31 18:28 <DIR> d-------- c:\users\Rich\AppData\Roaming\Apple Computer
2009-01-31 18:28 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-31 18:28 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iTunes
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iPod
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Bonjour
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\program files\QuickTime
2009-01-31 18:26 . 2009-01-31 18:26 <DIR> d-------- c:\program files\Apple Software Update
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\users\All Users\Apple
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\programdata\Apple
2009-01-31 18:25 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-30 19:57 . 2009-01-30 19:57 <DIR> d-------- c:\program files\dvd43
2009-01-30 19:57 . 2009-01-30 19:57 18,816 --a------ c:\windows\System32\drivers\dvd43llh.sys
2009-01-30 19:54 . 2009-01-30 19:54 <DIR> d-------- c:\program files\EasyDVDShrink
2009-01-30 19:54 . 1999-09-10 12:06 45,056 --a------ c:\windows\System32\WNASPI32.DLL
2009-01-30 19:54 . 1999-09-10 12:06 25,244 --a------ c:\windows\System32\drivers\ASPI32.SYS
2009-01-30 19:54 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-01-30 19:54 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-01-30 19:50 . 2009-01-30 19:50 <DIR> d-------- c:\program files\DVD Decrypter
2009-01-28 11:40 . 2009-01-28 11:40 33,536 --a------ c:\windows\System32\drivers\tvtfilter.sys
2009-01-26 00:28 . 2009-01-28 10:34 <DIR> d-------- c:\program files\A123 MOV to AVI WMV DVD MPEG MP4 MOV Converter
2009-01-26 00:28 . 2009-01-26 00:28 34 --ah----- c:\windows\System32\VideoConverter_sysquict.dat
2009-01-26 00:27 . 2009-01-26 00:27 <DIR> d-------- c:\users\Rich\AppData\Roaming\Download Manager
2009-01-26 00:13 . 2009-01-26 00:13 <DIR> d-------- c:\users\Rich\AppData\Roaming\Pegasys Inc
2009-01-26 00:11 . 2009-01-26 00:10 145,504 --a------ c:\windows\System32\bgsvcgen.exe
2009-01-26 00:11 . 2009-01-26 00:10 59,488 --a------ c:\windows\System32\GenSvcInst.exe
2009-01-26 00:11 . 2009-01-26 00:10 13,567 --a------ c:\windows\System32\drivers\CDRBSDRV.SYS
2009-01-22 21:13 . 2009-01-22 21:13 <DIR> d-------- c:\program files\SiteAdvisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 14:15 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-16 04:51 --------- d-----w c:\users\Rich\AppData\Roaming\uTorrent
2009-02-15 15:12 --------- d-----w c:\programdata\Lenovo
2009-02-15 15:12 --------- d-----w c:\program files\AOL 9.1
2009-02-11 22:05 --------- d-----w c:\program files\FxPro MetaTrader
2009-02-11 22:05 --------- d-----w c:\program files\FXDD - MetaTrader 4
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 15:04 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-11 11:46 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 11:46 --------- d-----w c:\program files\Windows Mail
2009-02-10 12:46 --------- d-----w c:\program files\Common Files\aol
2009-02-06 20:55 --------- d-----w c:\programdata\Sonic
2009-02-03 00:45 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-28 16:40 --------- d-----w c:\program files\Lenovo
2009-01-28 16:40 --------- d-----w c:\program files\Common Files\Lenovo
2009-01-26 00:12 --------- d-----w c:\program files\McAfee
2009-01-23 15:00 --------- d-----w c:\programdata\PCDr
2009-01-23 15:00 --------- d-----w c:\program files\PCDR5
2009-01-21 01:22 --------- d-----w c:\programdata\SiteAdvisor
2009-01-21 01:22 --------- d-----w c:\programdata\McAfee
2009-01-20 04:21 --------- d-----w c:\program files\uTorrent
2009-01-20 01:20 --------- d-----w c:\program files\Common Files\McAfee
2009-01-20 01:19 --------- d-----w c:\program files\McAfee.com
2009-01-16 16:24 --------- d-----w c:\users\Rich\AppData\Roaming\AOL
2009-01-16 16:14 --------- d-----w c:\programdata\AOL
2009-01-16 16:01 --------- d-----w c:\programdata\AOL Downloads
2009-01-16 15:00 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 05:02 --------- d-----w c:\program files\Common Files\aolshare
2009-01-16 05:01 --------- d-----w c:\program files\Viewpoint
2009-01-16 05:01 --------- d-----w c:\program files\Common Files\Nullsoft
2009-01-16 05:00 --------- d-----w c:\programdata\AOL OCP
2009-01-15 15:54 --------- d-----w c:\program files\Java
2009-01-15 15:24 --------- d-----w c:\program files\MSXML 4.0
2009-01-15 14:14 --------- d-----w c:\programdata\DietPower4.4
2009-01-15 14:13 --------- d--h--w c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}
2009-01-15 14:13 --------- d-----w c:\program files\DietPower 4.4
2009-01-15 01:47 --------- d-----w c:\users\Rich\AppData\Roaming\Malwarebytes
2009-01-15 01:47 --------- d-----w c:\programdata\Malwarebytes
2009-01-15 00:37 --------- d-----w c:\program files\MSBuild
2009-01-15 00:34 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-14 22:20 --------- d--h--w c:\programdata\DDNI
2009-01-14 22:20 --------- d-----w c:\program files\DDNI
2009-01-14 22:17 --------- d-----w c:\programdata\PC-Doctor for Windows
2009-01-14 22:15 --------- d-----w c:\users\Rich\AppData\Roaming\Downloaded Installations
2009-01-14 15:33 --------- d-----w c:\users\Rich\AppData\Roaming\Lenovo
2009-01-14 15:31 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-14 15:30 100 ----a-w c:\windows\system32\drivers\Lenovo_2746_CTO.MRK
2009-01-10 08:19 --------- d-----w c:\program files\Microsoft Office Suite Activation Assistant
2009-01-10 08:11 --------- d-----w c:\program files\Microsoft Small Business
2009-01-10 08:10 --------- d-----w c:\program files\Microsoft.NET
2009-01-10 08:08 --------- d-----w c:\program files\Microsoft Works
2009-01-10 08:04 --------- d-----w c:\programdata\PC-Doctor
2009-01-10 08:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 08:03 --------- d-----w c:\program files\Intel
2009-01-10 08:00 --------- d-----w c:\program files\ThinkPad
2009-01-10 07:59 --------- d-----w c:\programdata\Roxio
2009-01-10 07:55 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-01-10 07:55 129,784 ------w c:\windows\System32\pxafs.dll
2009-01-10 07:55 118,520 ------w c:\windows\System32\pxinsi64.exe
2009-01-10 07:55 116,472 ------w c:\windows\System32\pxcpyi64.exe
2009-01-10 07:55 --------- d-----w c:\program files\Verizon Wireless
2009-01-10 07:51 --------- d-----w c:\program files\Common Files\Java
2009-01-10 07:50 --------- d-----w c:\program files\InterVideo
2009-01-10 07:49 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-10 07:48 --------- d-----w c:\programdata\Uninstall
2009-01-10 07:48 --------- d-----w c:\programdata\InstallShield
2009-01-10 07:48 --------- d-----w c:\program files\ThinkVantage
2009-01-10 07:48 --------- d-----w c:\program files\Sonic Icons for Lenovo
2009-01-10 07:48 --------- d-----w c:\program files\Roxio
2009-01-10 07:48 --------- d-----w c:\program files\Lenovo Registration
2009-01-10 07:48 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-10 07:41 --------- d-----w c:\program files\Lenovo Group Limited
2009-01-10 07:38 --------- d-----w c:\program files\Realtek
2009-01-10 07:38 --------- d-----w c:\program files\CONEXANT
2009-01-10 07:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-10 07:36 --------- d-----w c:\program files\Synaptics
2009-01-10 07:35 --------- d-----w c:\program files\DIFX
2009-01-10 07:35 --------- d-----w c:\program files\Cisco
2009-01-10 07:27 3,601,976 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-10 07:27 3,549,752 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-10 07:25 625,152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-01-10 07:25 565,248 ----a-w c:\windows\System32\emdmgmt.dll
2009-01-10 07:25 45,056 ----a-w c:\windows\System32\dataclen.dll
2009-01-10 07:25 428,544 ----a-w c:\windows\System32\EncDec.dll
2009-01-10 07:25 36,864 ----a-w c:\windows\System32\cdd.dll
2009-01-10 07:25 293,376 ----a-w c:\windows\System32\psisdecd.dll
2009-01-10 07:25 148,480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-01-10 07:24 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-01-10 07:24 2,644,480 ----a-w c:\windows\System32\NlsLexicons0009.dll
2009-01-10 07:24 12,240,896 ----a-w c:\windows\System32\NlsLexicons0007.dll
2009-01-10 07:22 885,248 ----a-w c:\windows\System32\RacEngn.dll
2009-01-10 07:22 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-10 07:22 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-10 07:22 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-10 07:21 90,112 ----a-w c:\windows\System32\wshext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-23 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-11-20 640288]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-07-30 33304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"HostManager"="c:\program files\Common Files\AOL\1232082046\ee\AOLSoftware.exe" [2008-06-24 41824]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2006-11-20 12:33 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DietPower 4.4 Update Setup for All Users]
--a------ 2008-07-07 11:46 2395976 c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-11-17 18:50 827904 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrlhssvc]
--a------ 2009-02-15 17:42 851968 c:\users\Rich\AppData\Local\hrlhssvc\hrlhssvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-11 10:04 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1737692862-350434438-2812127596-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D74B93C5-027D-42F8-A63E-9A91FA50D583}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35BC7809-4DEA-404E-9AC8-C44A020799D6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9F599504-48E3-4F91-901B-F99FC5A38D7B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6A48022-8679-42E2-A8F1-E291E6AE6548}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD85FDEA-AA8C-44E9-A1E3-49C0917ED557}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B97A33E7-3547-4E28-901A-EAAFC1C1A4CF}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{96389246-21EB-4A20-BEC7-ADA6218C1BE2}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{FF8D981B-CCCE-44A0-A930-0B74774F4D2D}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{BB20F5D6-A155-4DCB-AA75-37A55F1E645F}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{859AC31B-2AD6-4C0F-A026-5152AC14579E}"= UDP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{E6AF2992-676C-45C0-9679-91C27B7CC267}"= TCP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{FF23B675-5A69-45D8-8A87-B52C38E35189}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{5AF5090B-0138-4BFF-8B93-B0D944FB40AD}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{27646B96-D89D-458D-AB47-83F9080A55A1}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{F13854B1-4749-45EB-A42E-1FE2FB256E13}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{8A36A9D3-763C-486B-A5F1-5564FE55D821}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D0CEBB71-A5C1-4146-8B15-324269D8B789}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A0C1B893-AB39-4B10-BE8E-80643CEA7419}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{D1B2F512-23C7-40AC-856D-A6AABDC5171E}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{4F585607-F9E1-4956-BE65-8B5B2B94F4E7}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{0F1F5A7C-02C9-4FA6-B584-BE2111C79477}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96A54E30-7470-45AD-89C7-E0E246E29111}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1D61DF3F-ABFD-4EDF-B5A4-DD40CB0763B1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4FF15F32-D38C-48C4-A97C-1E2A4656F762}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E67D0CBE-D8FC-45FD-AA3E-F17191FE8968}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FE57109D-482D-4029-AB37-4D8B8AC605FD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{395E85E5-8742-4074-86AC-B3EE08F6726A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D635A394-3E32-4897-A69F-612EE7B7B81C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1DA87496-DA24-4793-A55A-7B6B9F9C1AC6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0CC0971B-35AB-492A-994F-3CE6BC80CA3B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2009-01-10 225304]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-19 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [2009-01-10 11552]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2009-01-10 112128]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2008-05-24 48192]

--- Other Services/Drivers In Memory ---

*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - wanatw
*Deregistered* - Wdf01000
*Deregistered* - XAudio

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}]
\shell\AutoRun\command - Q:\LenovoQDrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}]
\shell\AutoRun\command - S:\LenovoSDrive.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 00:09]

2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 13:14]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DietPower 4 - c:\users\Rich\AppData\Local\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\oi0ex9cm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
1 file(s) moved.
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 22:08:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4464)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\ATK Hotkey\LControl.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\ThinkPad\Utilities\PWMUIAux.EXE
c:\program files\AOL 9.1\shellmon.exe
c:\program files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-20 22:15:57 - machine was rebooted [Rich]
ComboFix-quarantined-files.txt 2009-02-21 03:15:32

Pre-Run: 117,185,617,920 bytes free
Post-Run: 116,742,467,584 bytes free

458 --- E O F --- 2009-02-11 11:49:35
  • 0

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello maccini

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
maccini

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for your help! Here are the files.

-Rich
OTListIt logfile created on: 2/21/2009 9:18:14 AM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Users\Rich\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.41% Memory free
4.00 Gb Paging File | 2.79 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 106.99 Gb Free Space | 77.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 4.05 Gb Free Space | 41.49% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.07% Space Free | Partition Type: NTFS

Computer Name: RICH-PC
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Windows\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Users\Rich\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (AcSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASLDRService [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DDNIService [Auto | Running]) -- C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\Windows\system32\ibmpmsvc.exe (Lenovo)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LFKAS [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Power Manager DBC Service [Auto | Running]) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (Roxio UPnP Renderer 10 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (SUService [Auto | Running]) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service [Auto | Running]) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TPHKSVC [Auto | Running]) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (TSSCoreService [Auto | Running]) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
SRV - (TVT Backup Protection Service [Auto | Running]) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service [Auto | Running]) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Scheduler [Auto | Running]) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor [Auto | Stopped]) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASMMAP [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (ASPI32 [System | Running]) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (athr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cdrbsdrv [System | Running]) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\Windows\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\Windows\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\Windows\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (dvd43llh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaNvStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (lenovo.smi [System | Running]) -- C:\Windows\system32\DRIVERS\smiif32.sys (Lenovo Group Limited)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\A0101V32.sys (ATK0100)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (psadd [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPDIGIMN [Boot | Running]) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPM [On_Demand | Stopped]) -- C:\Windows\system32\drivers\tpm.sys (Microsoft Corporation)
DRV - (TPPWRIF [System | Running]) -- C:\Windows\System32\drivers\Tppwr32v.sys (Lenovo Group Limited)
DRV - (tvtfilter [Auto | Running]) -- C:\Windows\system32\DRIVERS\tvtfilter.sys (Lenovo)
DRV - (tvtumon [System | Stopped]) -- C:\Windows\system32\DRIVERS\tvtumon.sys (Lenovo)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wanatw [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WimFltr [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1232082046\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (AOL, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O33 - MountPoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}\Shell - "" = AutoRun
O33 - MountPoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 00,180,224 | -HS- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[2009/02/21 09:16:44 | 00,000,774 | ---- | C] () -- C:\Users\Rich\Desktop\gmer - Shortcut.lnk
[2009/02/21 09:16:33 | 00,000,851 | ---- | C] () -- C:\Users\Rich\Desktop\OTListIt2 - Shortcut.lnk
[2009/02/21 09:10:08 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/02/20 22:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/02/20 22:03:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/02/20 22:03:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/02/20 22:03:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/02/20 22:03:00 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/02/20 22:03:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/02/20 22:03:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/02/20 22:03:00 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/02/20 22:03:00 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/02/20 22:02:23 | 00,000,846 | ---- | C] () -- C:\Users\Rich\Desktop\ComboFix - Shortcut.lnk
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/17 23:38:33 | 00,001,065 | ---- | C] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/17 06:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2009/02/17 06:28:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/02/17 01:16:41 | 00,001,884 | ---- | C] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/02/17 01:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/16 16:37:41 | 02,565,753 | -H-- | C] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/02/16 08:31:01 | 21,110,82496 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/16 05:04:54 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/16 00:09:25 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:09:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/02/16 00:07:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/16 00:07:58 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/15 17:42:28 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/02/15 17:42:23 | 00,347,019 | ---- | C] () -- C:\Windows\xwbsp37588.exe
[2009/02/15 17:42:21 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\hrlhssvc
[2009/02/15 17:41:54 | 04,623,480 | ---- | C] (W3i, LLC) -- C:\Windows\mwsnu6641.exe
[2009/02/15 17:41:45 | 00,028,672 | ---- | C] (BB Inc) -- C:\Windows\lujl83531.exe
[2009/02/15 16:46:36 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/02/14 15:26:48 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Talkback
[2009/02/14 15:26:34 | 00,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/02/14 11:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Corporation
[2009/02/14 01:08:20 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\DRUNKS
[2009/02/14 01:08:10 | 02,540,256 | ---- | C] () -- C:\Users\Rich\Documents\DRUNKS.zip
[2009/02/11 11:24:16 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/02/11 10:05:24 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/11 06:45:31 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/11 06:45:30 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/11 06:45:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/11 06:45:28 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/11 06:45:28 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/11 06:45:27 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/11 06:45:24 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/11 06:45:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/11 06:45:21 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/09 15:57:25 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\Abbie
[2009/02/09 15:57:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\palm springs
[2009/02/06 16:42:06 | 00,000,784 | ---- | C] () -- C:\Windows\System32\Local Area Connection.xml
[2009/02/03 00:52:27 | 00,006,144 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 00:46:21 | 00,000,608 | ---- | C] () -- C:\Users\Rich\Desktop\new-osha300form1-1-04.lnk
[2009/02/02 23:36:21 | 04,740,542 | ---- | C] () -- C:\Users\Rich\Documents\[bleep]-Wife.wmv
[2009/02/02 19:39:42 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/02 19:39:41 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/02 19:39:41 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/02 19:39:41 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/02 19:39:40 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/02 19:39:40 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/02 19:39:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/02 19:39:36 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/02 19:32:57 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/02 19:32:53 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/02 19:32:52 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/02 19:32:35 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/02 19:32:26 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/02 14:30:29 | 00,009,872 | ---- | C] () -- C:\Users\Rich\Documents\Audio login.docx
[2009/01/31 19:18:52 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\LimeWire
[2009/01/31 19:18:44 | 00,001,714 | ---- | C] () -- C:\Users\Rich\Desktop\LimeWire 4.14.10.lnk
[2009/01/31 19:18:35 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Apple Computer
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple Computer
[2009/01/31 18:28:08 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/31 18:28:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/01/31 18:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/31 18:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\

#4
maccini

    Member

  • Topic Starter
  • 13 posts
OTlist.txt cont......

========== Files/Folders - Created Within 30 Days ==========

[2009/02/21 09:16:44 | 00,000,774 | ---- | C] () -- C:\Users\Rich\Desktop\gmer - Shortcut.lnk
[2009/02/21 09:16:33 | 00,000,851 | ---- | C] () -- C:\Users\Rich\Desktop\OTListIt2 - Shortcut.lnk
[2009/02/21 09:10:08 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/02/20 22:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/02/20 22:03:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/02/20 22:03:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/02/20 22:03:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/02/20 22:03:00 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/02/20 22:03:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/02/20 22:03:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/02/20 22:03:00 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/02/20 22:03:00 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/02/20 22:02:23 | 00,000,846 | ---- | C] () -- C:\Users\Rich\Desktop\ComboFix - Shortcut.lnk
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/17 23:38:33 | 00,001,065 | ---- | C] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/17 06:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2009/02/17 06:28:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/02/17 01:16:41 | 00,001,884 | ---- | C] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/02/17 01:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/16 16:37:41 | 02,565,753 | -H-- | C] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/02/16 08:31:01 | 21,110,82496 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/16 05:04:54 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/16 00:09:25 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:09:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/02/16 00:07:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/16 00:07:58 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/15 17:42:28 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/02/15 17:42:23 | 00,347,019 | ---- | C] () -- C:\Windows\xwbsp37588.exe
[2009/02/15 17:42:21 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\hrlhssvc
[2009/02/15 17:41:54 | 04,623,480 | ---- | C] (W3i, LLC) -- C:\Windows\mwsnu6641.exe
[2009/02/15 17:41:45 | 00,028,672 | ---- | C] (BB Inc) -- C:\Windows\lujl83531.exe
[2009/02/15 16:46:36 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/02/14 15:26:48 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Talkback
[2009/02/14 15:26:34 | 00,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/02/14 11:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Corporation
[2009/02/14 01:08:20 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\DRUNKS
[2009/02/14 01:08:10 | 02,540,256 | ---- | C] () -- C:\Users\Rich\Documents\DRUNKS.zip
[2009/02/11 11:24:16 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/02/11 10:05:24 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/11 06:45:31 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/11 06:45:30 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/11 06:45:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/11 06:45:28 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/11 06:45:28 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/11 06:45:27 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/11 06:45:24 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/11 06:45:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/11 06:45:21 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/09 15:57:25 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\Abbie
[2009/02/09 15:57:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\palm springs
[2009/02/06 16:42:06 | 00,000,784 | ---- | C] () -- C:\Windows\System32\Local Area Connection.xml
[2009/02/03 00:52:27 | 00,006,144 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 00:46:21 | 00,000,608 | ---- | C] () -- C:\Users\Rich\Desktop\new-osha300form1-1-04.lnk
[2009/02/02 23:36:21 | 04,740,542 | ---- | C] () -- C:\Users\Rich\Documents\[bleep]-Wife.wmv
[2009/02/02 19:39:42 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/02 19:39:41 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/02 19:39:41 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/02 19:39:41 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/02 19:39:40 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/02 19:39:40 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/02 19:39:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/02 19:39:36 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/02 19:32:57 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/02 19:32:53 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/02 19:32:52 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/02 19:32:35 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/02 19:32:26 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/02 14:30:29 | 00,009,872 | ---- | C] () -- C:\Users\Rich\Documents\Audio login.docx
[2009/01/31 19:18:52 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\LimeWire
[2009/01/31 19:18:44 | 00,001,714 | ---- | C] () -- C:\Users\Rich\Desktop\LimeWire 4.14.10.lnk
[2009/01/31 19:18:35 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Apple Computer
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple Computer
[2009/01/31 18:28:08 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/31 18:28:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/01/31 18:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/31 18:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/01/31 18:26:51 | 00,001,736 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/31 18:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/31 18:26:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/01/31 18:26:11 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple
[2009/01/31 18:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/01/31 18:25:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/01/31 18:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/01/31 17:08:51 | 00,011,682 | ---- | C] () -- C:\Users\Rich\Documents\Sarah School.docx
[2009/01/31 17:05:17 | 00,286,208 | ---- | C] (The Strangely Green Chicken Company) -- C:\Users\Rich\Desktop\Copy of Cleanup.exe
[2009/01/31 17:05:17 | 00,024,064 | ---- | C] () -- C:\Users\Rich\Desktop\Electronic Signature.doc
[2009/01/30 20:08:50 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\DVD Burning Software
[2009/01/30 19:57:24 | 00,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2009/01/30 19:57:24 | 00,000,000 | ---D | C] -- C:\Program Files\dvd43
[2009/01/30 19:54:05 | 00,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2009/01/30 19:54:05 | 00,025,244 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2009/01/30 19:54:05 | 00,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL
[2009/01/30 19:54:05 | 00,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE
[2009/01/30 19:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\EasyDVDShrink
[2009/01/30 19:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/01/30 12:14:10 | 05,122,813 | ---- | C] () -- C:\Users\Rich\Desktop\RobinHood-FX-1.wmv
[2009/01/30 12:11:40 | 02,374,238 | ---- | C] () -- C:\Users\Rich\Desktop\RobinHood-FX.pdf
[2009/01/27 07:08:13 | 00,000,000 | ---- | C] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/01/26 01:04:54 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\RER Soft, Inc
[2009/01/26 00:28:37 | 00,000,034 | -H-- | C] () -- C:\Windows\System32\VideoConverter_sysquict.dat
[2009/01/26 00:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\A123 MOV to AVI WMV DVD MPEG MP4 MOV Converter
[2009/01/26 00:27:57 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Download Manager
[2009/01/26 00:13:57 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\TMPGEnc Authoring Works 4
[2009/01/26 00:13:10 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Pegasys Inc
[2009/01/26 00:11:40 | 00,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2009/01/26 00:11:40 | 00,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2009/01/26 00:11:40 | 00,013,567 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
[2009/01/23 10:00:26 | 00,001,356 | ---- | C] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
[2009/01/22 21:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor

========== Files - Modified Within 30 Days ==========

[2009/02/21 09:16:44 | 00,000,774 | ---- | M] () -- C:\Users\Rich\Desktop\gmer - Shortcut.lnk
[2009/02/21 09:16:33 | 00,000,851 | ---- | M] () -- C:\Users\Rich\Desktop\OTListIt2 - Shortcut.lnk
[2009/02/21 09:11:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 09:11:00 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 08:51:00 | 00,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009/02/20 23:05:00 | 00,000,324 | ---- | M] () -- C:\Windows\win.ini
[2009/02/20 22:08:36 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/02/20 22:08:27 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/02/20 22:08:17 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/02/20 22:07:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/20 22:07:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/20 22:07:10 | 21,110,82496 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 22:06:03 | 00,017,753 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/02/20 22:02:23 | 00,000,846 | ---- | M] () -- C:\Users\Rich\Desktop\ComboFix - Shortcut.lnk
[2009/02/20 21:00:41 | 02,565,753 | -H-- | M] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/02/20 14:49:53 | 00,001,724 | -H-- | M] () -- C:\Users\Rich\Documents\Default.rdp
[2009/02/17 23:38:33 | 00,001,065 | ---- | M] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/02/17 06:27:54 | 00,775,020 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/17 06:27:54 | 00,645,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/17 06:27:54 | 00,119,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/17 01:16:41 | 00,001,884 | ---- | M] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/02/16 08:21:16 | 00,001,356 | ---- | M] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
[2009/02/16 00:10:34 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:09:17 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/02/16 00:09:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/02/16 00:07:58 | 00,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/02/15 17:42:40 | 04,623,480 | ---- | M] (W3i, LLC) -- C:\Windows\mwsnu6641.exe
[2009/02/15 17:42:28 | 00,132,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/02/15 17:42:27 | 00,347,019 | ---- | M] () -- C:\Windows\xwbsp37588.exe
[2009/02/15 17:41:45 | 00,028,672 | ---- | M] (BB Inc) -- C:\Windows\lujl83531.exe
[2009/02/15 17:39:50 | 00,006,144 | ---- | M] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 01:26:56 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/02/14 20:32:10 | 00,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/02/14 01:08:20 | 02,540,256 | ---- | M] () -- C:\Users\Rich\Documents\DRUNKS.zip
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/06 16:42:17 | 00,000,784 | ---- | M] () -- C:\Windows\System32\Local Area Connection.xml
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/03 00:46:21 | 00,000,608 | ---- | M] () -- C:\Users\Rich\Desktop\new-osha300form1-1-04.lnk
[2009/02/02 23:36:38 | 04,740,542 | ---- | M] () -- C:\Users\Rich\Documents\[bleep]-Wife.wmv
[2009/02/02 14:30:30 | 00,009,872 | ---- | M] () -- C:\Users\Rich\Documents\Audio login.docx
[2009/02/02 06:53:22 | 00,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/02/01 01:00:17 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/01/31 19:18:44 | 00,001,714 | ---- | M] () -- C:\Users\Rich\Desktop\LimeWire 4.14.10.lnk
[2009/01/31 18:28:08 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/31 18:26:51 | 00,001,736 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/31 17:08:51 | 00,011,682 | ---- | M] () -- C:\Users\Rich\Documents\Sarah School.docx
[2009/01/30 19:57:24 | 00,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2009/01/30 12:14:10 | 05,122,813 | ---- | M] () -- C:\Users\Rich\Desktop\RobinHood-FX-1.wmv
[2009/01/30 12:11:53 | 02,374,238 | ---- | M] () -- C:\Users\Rich\Desktop\RobinHood-FX.pdf
[2009/01/26 07:40:11 | 00,413,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/26 00:28:37 | 00,000,034 | -H-- | M] () -- C:\Windows\System32\VideoConverter_sysquict.dat
[2009/01/26 00:10:34 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2009/01/26 00:10:34 | 00,059,488 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2009/01/26 00:10:34 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
[2009/01/23 10:12:00 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== LOP Check ==========

[2009/02/16 00:10:34 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/02/21 08:51:00 | 00,000,252 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009/02/15 01:26:56 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/02/01 01:00:17 | 00,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/01/23 10:12:00 | 00,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/02/20 22:07:14 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/02/20 22:06:12 | 00,030,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#5
maccini

    Member

  • Topic Starter
  • 13 posts
OTListIt Extras logfile created on: 2/21/2009 9:18:14 AM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Users\Rich\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.41% Memory free
4.00 Gb Paging File | 2.79 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 106.99 Gb Free Space | 77.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 4.05 Gb Free Space | 41.49% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.07% Space Free | Partition Type: NTFS

Computer Name: RICH-PC
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1737692862-350434438-2812127596-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30E47417-B708-424E-B8B8-0C71EAE879FB}" = DIBS
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3CE38F12-0D0E-43E1-867A-E1C0B78D089E}" = Message Center Plus
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXDD - MetaTrader 4.00
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BCDD100-3029-42C3-B7F7-4A0DA414861D}" = DietPower 4.4
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4E336342-73F3-4D6B-AFDE-2F218B8BCF2F}" = Mobile Broadband Connect
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
"Ad-Aware" = Ad-Aware
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DietPower 4.4" = DietPower 4.4
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD43_is1" = DVD43 v4.4.0
"Easy DVD Shrink" = Easy DVD Shrink
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Lenovo News-Shop" = Lenovo News-Shop
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LimeWire" = LimeWire 4.14.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSC" = McAfee SecurityCenter
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver for SL Series
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2009 9:20:49 AM | Computer Name = Rich-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/16/2009 9:31:25 AM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/16/2009 9:34:41 AM | Computer Name = Rich-PC | Source = System Restore | ID = 8209
Description =

Error - 2/16/2009 7:54:39 PM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/17/2009 1:30:32 AM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2009 1:10:16 AM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2009 5:25:04 AM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2009 7:25:41 AM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2009 12:09:27 PM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/20/2009 11:07:23 PM | Computer Name = Rich-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/18/2009 12:09:30 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/20/2009 10:01:07 PM | Computer Name = Rich-PC | Source = DCOM | ID = 10010
Description =

Error - 2/20/2009 11:07:15 PM | Computer Name = Rich-PC | Source = HTTP | ID = 15016
Description =

Error - 2/20/2009 11:07:29 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2009 11:07:32 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/20/2009 11:12:14 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2009 11:12:44 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2009 11:13:17 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2009 11:13:47 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2009 11:14:17 PM | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
#6 maccini (Topic Starter, Member, 13 posts)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-21 09:43:16
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DC1C9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DC1C958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DC1C96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DC1C9FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DC1CA3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DC1C930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DC1C944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DC1C9D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DC1CA67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DC1CA53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DC1C9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DC1C996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DC1CA2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DC1CA12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DC1C9E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DC1C982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 81C3B19C 5 Bytes JMP 8DC1C9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81DD52E4 5 Bytes JMP 8DC1CA43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81DDCF24 5 Bytes JMP 8DC1C986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 81DF70DA 5 Bytes JMP 8DC1CA2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 81E16336 5 Bytes JMP 8DC1C948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 81E25C85 5 Bytes JMP 8DC1C934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 81E388CE 7 Bytes JMP 8DC1CA00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 81E38F25 5 Bytes JMP 8DC1CA16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 81E3B136 5 Bytes JMP 8DC1C9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 81E487F4 5 Bytes JMP 8DC1C99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 81E4AA4E 7 Bytes JMP 8DC1C9D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 81E695D2 5 Bytes JMP 8DC1CA57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 81E6A61E 5 Bytes JMP 8DC1CA6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 81EA83FB 5 Bytes JMP 8DC1C95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81EA8446 7 Bytes JMP 8DC1C970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 81EA8EFB 5 Bytes JMP 8DC1C9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\services.exe[756] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 00410F30
.text C:\Windows\system32\services.exe[756] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00410F41
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00410091
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00410EFA
.text C:\Windows\system32\services.exe[756] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 0041005B
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00410FD4
.text C:\Windows\system32\services.exe[756] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00410040
.text C:\Windows\system32\services.exe[756] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00410F94
.text C:\Windows\system32\services.exe[756] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 0041006C
.text C:\Windows\system32\services.exe[756] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00410F83
.text C:\Windows\system32\services.exe[756] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00410FAF
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00410F5C
.text C:\Windows\system32\services.exe[756] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 004100AC
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 0041001B
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00410000
.text C:\Windows\system32\services.exe[756] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00410FE5
.text C:\Windows\system32\services.exe[756] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00410F15
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00400FB9
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00400FCA
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00400FEF
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00400051
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00400076
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00400025
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0040000A
.text C:\Windows\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00400040
.text C:\Windows\system32\services.exe[756] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 003E0FEF
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 00BF0F07
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00BF0F22
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00BF0079
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00BF0068
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00BF0F4E
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00BF0FB2
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00BF0F5F
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00BF0FA1
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00BF004D
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00BF0F7C
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00BF0028
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00BF0F3D
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00BF0EC7
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00BF0FD4
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00BF0FEF
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00BF0FC3
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00BF0EF6
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 002D006C
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 002D0036
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 002D0000
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 002D0051
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 002D0091
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 002D0FDB
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 002D0011
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 002D0FCA
.text C:\Windows\system32\lsass.exe[772] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00100FE5
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 0024008A
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00240F44
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00240F18
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00240F29
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 0024005B
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00240FB2
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 0024004A
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00240F97
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00240F70
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00240039
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 0024001E
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00240F5F
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00240EF3
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00240FDE
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00240FCD
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!WinExec 779153E7 5 Bytes JMP 0024009B
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00230F83
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00230FAF
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00230F94
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00230F72
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00230011
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00230FC0
.text C:\Windows\system32\svchost.exe[964] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 003800C7
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00380F81
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 003800E2
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00380F55
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 0038007D
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00380011
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 0038006C
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00380FAF
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00380F92
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00380051
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00380036
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 003800A2
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00380107
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00380000
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00380FE5
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00380FCA
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00380F66
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 0027004A
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00270FA8
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 0027002F
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00270F8D
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00270FD4
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[1080] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00210FEF
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 00D20F5C
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00D200A2
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00D200D8
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00D200C7
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00D20073
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00D2002C
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00D20058
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00D20FB6
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00D20F7E
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00D20F9B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00D2003D
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00D20F6D
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00D20F26
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00D20000
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00D20FE5
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00D2001B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00D20F41
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00600F9B
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00600FC0
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00600FEF
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00600047
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00600058
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00600025
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0060000A
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00600036
.text C:\Windows\System32\svchost.exe[1220] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00540FEF
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 01620F6F
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 016200B5
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 016200F5
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 01620F5E
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 01620F9B
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 01620036
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 01620069
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 01620FC0
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 01620F8A
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 01620058
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 01620047
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 016200A4
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 01620106
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 0162001B
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 01620000
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 01620FE5
.text C:\Windows\System32\svchost.exe[1248] kernel32.dll!WinExec 779153E7 5 Bytes JMP 016200DA
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 01090040
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 01090025
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 01090FE5
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 01090F9E
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 01090F79
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 0109000A
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 01090FD4
.text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 01090FAF
.text C:\Windows\System32\svchost.exe[1248] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00DF0FE5
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 012B0F30
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 012B0076
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 012B0F04
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 012B009B
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 012B0F81
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 012B0025
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 012B0065
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 012B004A
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 012B0F70
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 012B0FA8
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 012B0FC3
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 012B0F4B
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 012B00C0
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 012B000A
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 012B0FEF
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 012B0FD4
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!WinExec 779153E7 5 Bytes JMP 012B0F15
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 01290076
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 0129004A
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 01290FEF
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 0129005B
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 01290FB9
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 0129002F
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0129000A
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 01290FDE
.text C:\Windows\system32\svchost.exe[1280] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 011B0000
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 01000F32
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 01000082
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 01000F0D
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 010000A4
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 01000F6B
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 01000FCA
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 01000F7C
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 01000F9E
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 01000056
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 01000F8D
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA
#7 maccini (Topic Starter, Member, 13 posts)
GMER Cont.....

.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 01000FB9
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 01000067
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 010000C9
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 01000FE5
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 01000000
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 0100001B
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 779153E7 5 Bytes JMP 01000093
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00DB0047
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00DB0FAF
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00DB0036
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00DB0062
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00DB001B
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 00DB0FE5
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00DB0FCA
.text C:\Windows\system32\svchost.exe[1448] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00D40000
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenA 770103DD 5 Bytes JMP 00DA0000
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenUrlA 770120A3 5 Bytes JMP 00DA0022
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenW 77012A58 5 Bytes JMP 00DA0011
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenUrlW 7705AF79 5 Bytes JMP 00DA0FDB
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 00DB0F68
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00DB0F79
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00DB00F5
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00DB00D0
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00DB0090
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 00DB0FCA
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00DB0073
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00DB0047
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00DB0F9B
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00DB0058
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00DB0036
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00DB0F8A
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00DB0F43
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00DB001B
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00DB0FDB
.text C:\Windows\system32\svchost.exe[1624] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00DB00BF
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00D6003D
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00D60F9B
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00D60FE5
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00D60022
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00D60F80
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00D60FC0
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 00D60000
.text C:\Windows\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00D60011
.text C:\Windows\system32\svchost.exe[1624] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00580000
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 003B00CE
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 003B00B3
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 003B0F41
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 003B0F52
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 003B0F92
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 003B0040
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 003B006C
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 003B0051
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 003B0087
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 003B0FAF
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 003B0FCA
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 003B00A2
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 003B0F30
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 003B000A
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 003B0FEF
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 003B002F
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!WinExec 779153E7 5 Bytes JMP 003B0F6D
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00320F9E
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00320FB9
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00320036
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00320051
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[1988] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00280FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2140] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2140] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 001A0F59
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 001A009F
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 001A00FA
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 001A00DF
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 001A0073
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 001A001B
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 001A0062
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 001A0FAF
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 001A0F7E
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 001A0051
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 001A0036
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 001A008E
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 001A010B
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 001A0FD4
.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!WinExec 779153E7 5 Bytes JMP 001A00C4
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00190F83
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00190F94
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00190040
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00190FC3
.text C:\Windows\system32\svchost.exe[2412] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00100FEF
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 005700CE
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00570F88
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00570104
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 00570F6D
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00570098
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 0057002F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00570087
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 0057005B
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 005700B3
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00570076
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 0057004A
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00570FA3
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00570F52
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00570FEF
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 0057000A
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00570FDE
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 779153E7 5 Bytes JMP 005700E9
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00200F91
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00200033
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00200FAC
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00200F76
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00200011
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00200022
.text C:\Windows\system32\svchost.exe[2740] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 00180FE5
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 000700C4
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 000700B3
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00070F52
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 000700F3
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00070F7E
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 0007002C
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00070062
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00070047
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00070073
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00070FA5
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 00070FCA
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00070098
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00070F37
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00070F6D
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00060058
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00060047
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00060FC0
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00060F91
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 0006002C
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00060FE5
.text C:\Windows\Explorer.exe[4464] kernel32.dll!GetStartupInfoW 77881929 5 Bytes JMP 000100A9
.text C:\Windows\Explorer.exe[4464] kernel32.dll!GetStartupInfoA 778819C9 5 Bytes JMP 00010F63
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateProcessW 77881C01 5 Bytes JMP 00010F2D
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateProcessA 77881C36 5 Bytes JMP 000100C4
.text C:\Windows\Explorer.exe[4464] kernel32.dll!VirtualProtect 77881DD1 5 Bytes JMP 00010F8F
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateNamedPipeW 77885C44 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.exe[4464] kernel32.dll!LoadLibraryExW 778A30C3 5 Bytes JMP 00010069
.text C:\Windows\Explorer.exe[4464] kernel32.dll!LoadLibraryW 778A361F 5 Bytes JMP 00010047
.text C:\Windows\Explorer.exe[4464] kernel32.dll!VirtualProtectEx 778A8D7E 5 Bytes JMP 00010084
.text C:\Windows\Explorer.exe[4464] kernel32.dll!LoadLibraryExA 778A9469 5 Bytes JMP 00010058
.text C:\Windows\Explorer.exe[4464] kernel32.dll!LoadLibraryA 778A9491 5 Bytes JMP 0001002C
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreatePipe 778B0284 5 Bytes JMP 00010F74
.text C:\Windows\Explorer.exe[4464] kernel32.dll!GetProcAddress 778CB8B6 5 Bytes JMP 00010F12
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateFileW 778CCC4E 5 Bytes JMP 00010000
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateFileA 778CCF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.exe[4464] kernel32.dll!CreateNamedPipeA 779141F6 5 Bytes JMP 00010FCA
.text C:\Windows\Explorer.exe[4464] kernel32.dll!WinExec 779153E7 5 Bytes JMP 00010F48
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegCreateKeyExA 7751B5E7 5 Bytes JMP 00050058
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegCreateKeyA 7751B8AE 5 Bytes JMP 00050036
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegOpenKeyA 77520BF5 5 Bytes JMP 00050000
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegCreateKeyW 7752B83D 5 Bytes JMP 00050047
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegCreateKeyExW 7752BCE1 5 Bytes JMP 00050F9B
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegOpenKeyExA 7752D4E8 5 Bytes JMP 00050FE5
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegOpenKeyW 77533CB0 5 Bytes JMP 0005001B
.text C:\Windows\Explorer.exe[4464] ADVAPI32.dll!RegOpenKeyExW 7753F09D 5 Bytes JMP 00050FC0
.text C:\Windows\Explorer.exe[4464] WININET.dll!InternetOpenA 770103DD 5 Bytes JMP 008E0FEF
.text C:\Windows\Explorer.exe[4464] WININET.dll!InternetOpenUrlA 770120A3 5 Bytes JMP 008E0014
.text C:\Windows\Explorer.exe[4464] WININET.dll!InternetOpenW 77012A58 5 Bytes JMP 008E0FDE
.text C:\Windows\Explorer.exe[4464] WININET.dll!InternetOpenUrlW 7705AF79 5 Bytes JMP 008E0025
.text C:\Windows\Explorer.exe[4464] WS2_32.dll!socket 75FA36D1 5 Bytes JMP 03790FEF

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]

#8
maccini

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[12] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe[4236] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[4936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
#9
maccini

    Member

  • Topic Starter
  • 13 posts
GMER Cont...



---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.14 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 7985 bytes
File C:\RRbackups\common\rr_bcdenum.dat 4160 bytes
File C:\RRbackups\common\SAM 98304 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 24576 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\usersids.dat 14560 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-500\8f71098770f72c7a67cd8f1151619865_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-500\7b2d1641-c4d4-4325-921d-27259040d21a 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2269395964-3629036801-3450486125-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2269395964-3629036801-3450486125-500\45a22690-2945-4572-b508-aa3a2e38a0f1 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2269395964-3629036801-3450486125-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Guest 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-501 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-501\2d2ba1cd-116b-41da-a13e-197510cfea78 388 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-501\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Guest\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1005 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1005\8f71098770f72c7a67cd8f1151619865_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 54 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1005 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1005\14ecd10b-4f32-40fe-8579-0b47b78062cc 388 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\ihateaol\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1004 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1004\8f71098770f72c7a67cd8f1151619865_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 54 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1004 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1004\70c87378-6053-4aef-9317-8d766d76dec0 388 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1004\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Palm Springs\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Rich 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\146482325737612d5fbcd71839d49d49_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 50 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\62a45886e06c7d046ea8b819bec0598a_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 45 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\6b29ae44e85efac3c72ff4d1865d73f1_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 53 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\793d95fbcc0a8bb1a5f034e88190b665_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 77 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\83aa4cc77f591dfc2374580bbd95f6ba_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 45 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\8f71098770f72c7a67cd8f1151619865_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 54 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1737692862-350434438-2812127596-1003\b2431aded4ade548c423eb72b237e546_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 45 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1003 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1003\2bb3ce07-7a8e-4a17-adda-a7eba5c6195e 388 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1003\4d8a3d06-f897-4c88-ac26-dd70ce6cf316 388 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1003\7e1a3fbb-540f-4d71-9a47-4870c86f6898 388 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\Protect\S-1-5-21-1737692862-350434438-2812127596-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Rich\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 1753 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 52 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4a83060920cae32caf902bed48d1fdd9_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 58 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\62a45886e06c7d046ea8b819bec0598a_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 45 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 47 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 54 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\94348ade95b67e8f2e884ed7b348b833_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 59 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 56 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_9ddf515f-f1ea-48b3-a0e0-0fec4bf348c2 893 bytes

---- EOF - GMER 1.0.14 ----

#10 maccini (Member, Topic Starter, 13 posts)
OK, that was all of the files. I overlapped some of the posts so you could see where I started and ended. If you need me to e-mail you the files themselves just let me know.

Thanks,

-Rich

#11 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\Windows\xwbsp37588.exe
    C:\Windows\mwsnu6641.exe
    C:\Windows\lujl83531.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )
==========
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
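kahdah's fix above targets three executables picked out of the posted logs by hand. As an added example (not part of this thread, and not code from OTListIt2, Malwarebytes or any other tool named here), the script below shows the first pass of that triage in Python: it parses OTL-style PRC/SRV/DRV lines and flags the entries a helper would look at first, namely running items whose publisher field is empty and service registrations whose file is missing. The sample lines are constructed after the format of the logs posted in this thread; a flag means "verify this entry" (check the signature, hash and install history), not "delete it", since legitimate software such as the McAfee SiteAdvisor service also shows up with an empty publisher.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the style of the OTListIt2 log lines posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\Windows\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
DRV - (ASMMAP [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (psadd [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
"""


@dataclass
class Entry:
    kind: str             # "PRC", "SRV" or "DRV"
    name: Optional[str]   # service/driver name; PRC lines have none
    path: Optional[str]   # None when OTL printed "File not found"
    company: str          # publisher string from the trailing parentheses, "" if empty
    start: Optional[str] = None   # e.g. Auto, Boot, On_Demand (SRV/DRV only)
    state: Optional[str] = None   # e.g. Running, Stopped (SRV/DRV only)


# "path (company)" where the path ends in an executable extension; the
# non-greedy path lets publishers that themselves contain parentheses parse.
_PATH_RE = re.compile(r"^(?P<path>.+?\.(?:exe|sys|dll)) \((?P<company>.*)\)$", re.IGNORECASE)
# "SRV - (name [start | state]) -- rest"
_SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- (?P<rest>.+)$"
)


def _split_path_company(rest: str) -> Tuple[Optional[str], str]:
    """Split OTL's 'path (publisher)' tail; missing files have no path."""
    rest = rest.strip()
    if rest == "File not found":
        return None, ""
    m = _PATH_RE.match(rest)
    if not m:
        return rest, ""          # unparsed tail: keep it verbatim, no publisher
    return m.group("path"), m.group("company").strip()


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV line; returns None for any other line."""
    line = line.rstrip()
    if line.startswith("PRC - "):
        path, company = _split_path_company(line[len("PRC - "):])
        return Entry("PRC", None, path, company)
    m = _SVC_RE.match(line)
    if m:
        path, company = _split_path_company(m.group("rest"))
        return Entry(m.group("kind"), m.group("name"), path, company,
                     m.group("start").strip(), m.group("state").strip())
    return None


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the entries worth a second look, each with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_otl_line(raw)
        if entry is None:
            continue
        reasons = []
        if entry.path is None:
            reasons.append("registered but file not found (orphaned or removed)")
        elif entry.company == "":
            reasons.append("no publisher recorded; check signature and origin")
        if reasons:
            findings.append((entry, reasons))
    return findings


def report(log_text: str) -> List[str]:
    """Human-readable one-line-per-finding summary."""
    lines = []
    for entry, reasons in triage(log_text):
        label = entry.name or entry.path
        lines.append(f"[{entry.kind}] {label}: " + "; ".join(reasons))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a full OTL log saved to a file by reading the file into `triage()`; the "no publisher" heuristic is deliberately noisy, which is why the output is a review list rather than a fix script.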

#12 maccini (Member, Topic Starter, 13 posts)
OK, done. I run MBAM all the time. I use it with adaware and spyware dr. I don't know why it hasn't caught the infections.


OTListIt logfile created on: 2/21/2009 19:49:31 - Run 4
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Users\Rich\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.19% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 106.97 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 4.05 Gb Free Space | 41.49% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.07% Space Free | Partition Type: NTFS

Computer Name: RICH-PC
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Rich\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (AcSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASLDRService [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DDNIService [Auto | Running]) -- C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\Windows\system32\ibmpmsvc.exe (Lenovo)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LFKAS [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Power Manager DBC Service [Auto | Running]) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (Roxio UPnP Renderer 10 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (SUService [Auto | Running]) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service [Auto | Running]) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TPHKSVC [Auto | Running]) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (TSSCoreService [Auto | Running]) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
SRV - (TVT Backup Protection Service [Auto | Running]) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service [Auto | Running]) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Scheduler [Auto | Running]) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor [Auto | Stopped]) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

#13 maccini (Member, Topic Starter, 13 posts)
========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASMMAP [Auto | Running]) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (ASPI32 [System | Running]) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (athr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cdrbsdrv [System | Running]) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\Windows\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\Windows\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\Windows\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (dvd43llh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaNvStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (lenovo.smi [System | Running]) -- C:\Windows\system32\DRIVERS\smiif32.sys (Lenovo Group Limited)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\A0101V32.sys (ATK0100)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (psadd [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPDIGIMN [Boot | Running]) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPM [On_Demand | Stopped]) -- C:\Windows\system32\drivers\tpm.sys (Microsoft Corporation)
DRV - (TPPWRIF [System | Running]) -- C:\Windows\System32\drivers\Tppwr32v.sys (Lenovo Group Limited)
DRV - (tvtfilter [Auto | Running]) -- C:\Windows\system32\DRIVERS\tvtfilter.sys (Lenovo)
DRV - (tvtumon [System | Stopped]) -- C:\Windows\system32\DRIVERS\tvtumon.sys (Lenovo)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wanatw [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WimFltr [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (AOL, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O33 - MountPoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}\Shell - "" = AutoRun
O33 - MountPoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 00,180,224 | -HS- | M] ()

#14
maccini
  • Topic Starter
========== Files/Folders - Created Within 30 Days ==========

[2009/02/21 19:46:53 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/02/21 19:38:20 | 00,000,691 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\GetValue.vbs
[2009/02/21 19:38:20 | 00,000,035 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\SetValue.bat
[2009/02/21 19:35:19 | 00,004,242 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2009/02/21 12:57:34 | 00,000,270 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/02/21 09:29:08 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009/02/21 09:29:06 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2009/02/21 09:29:06 | 00,085,969 | ---- | C] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/21 09:29:06 | 00,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/21 09:16:44 | 00,000,774 | ---- | C] () -- C:\Users\Rich\Desktop\gmer - Shortcut.lnk
[2009/02/21 09:16:33 | 00,000,851 | ---- | C] () -- C:\Users\Rich\Desktop\OTListIt2 - Shortcut.lnk
[2009/02/21 09:10:08 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/02/20 22:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/02/20 22:03:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/02/20 22:03:00 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/02/20 22:03:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/02/20 22:03:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/02/20 22:03:00 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/02/20 22:02:23 | 00,000,846 | ---- | C] () -- C:\Users\Rich\Desktop\ComboFix - Shortcut.lnk
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/02/20 22:00:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/17 23:38:33 | 00,001,065 | ---- | C] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/17 23:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/17 06:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2009/02/17 06:28:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/02/17 01:16:41 | 00,001,884 | ---- | C] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/02/17 01:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/16 16:37:41 | 02,565,753 | -H-- | C] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/02/16 08:31:01 | 21,110,82496 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/16 05:04:54 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/16 00:09:25 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:09:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/02/16 00:07:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/16 00:07:58 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/02/16 00:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/15 17:42:28 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/02/15 17:42:21 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\hrlhssvc
[2009/02/15 16:46:36 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/02/14 15:26:48 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Talkback
[2009/02/14 15:26:34 | 00,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/02/14 11:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Corporation
[2009/02/14 01:08:20 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\DRUNKS
[2009/02/14 01:08:10 | 02,540,256 | ---- | C] () -- C:\Users\Rich\Documents\DRUNKS.zip
[2009/02/11 11:24:16 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/02/11 10:05:24 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/11 06:45:31 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/11 06:45:30 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/11 06:45:30 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/11 06:45:28 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/11 06:45:28 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/11 06:45:27 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/11 06:45:24 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/11 06:45:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/11 06:45:21 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/09 15:57:25 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\Abbie
[2009/02/09 15:57:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\palm springs
[2009/02/06 16:42:06 | 00,000,784 | ---- | C] () -- C:\Windows\System32\Local Area Connection.xml
[2009/02/03 00:52:27 | 00,006,144 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 00:46:21 | 00,000,608 | ---- | C] () -- C:\Users\Rich\Desktop\new-osha300form1-1-04.lnk
[2009/02/02 23:36:21 | 04,740,542 | ---- | C] () -- C:\Users\Rich\Documents\[bleep]-Wife.wmv
[2009/02/02 19:39:42 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/02 19:39:41 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/02 19:39:41 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/02 19:39:41 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/02 19:39:40 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/02 19:39:40 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/02 19:39:39 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/02 19:39:36 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/02 19:32:57 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/02 19:32:53 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/02 19:32:52 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/02 19:32:35 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/02 19:32:26 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/02 14:30:29 | 00,009,872 | ---- | C] () -- C:\Users\Rich\Documents\Audio login.docx
[2009/01/31 19:18:52 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\LimeWire
[2009/01/31 19:18:44 | 00,001,714 | ---- | C] () -- C:\Users\Rich\Desktop\LimeWire 4.14.10.lnk
[2009/01/31 19:18:35 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Apple Computer
[2009/01/31 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple Computer
[2009/01/31 18:28:08 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/31 18:28:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/01/31 18:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/31 18:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/31 18:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/01/31 18:26:51 | 00,001,736 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/31 18:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/31 18:26:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/01/31 18:26:11 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apple
[2009/01/31 18:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/01/31 18:25:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/01/31 18:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/01/31 17:08:51 | 00,011,682 | ---- | C] () -- C:\Users\Rich\Documents\Sarah School.docx
[2009/01/31 17:05:17 | 00,286,208 | ---- | C] (The Strangely Green Chicken Company) -- C:\Users\Rich\Desktop\Copy of Cleanup.exe
[2009/01/31 17:05:17 | 00,024,064 | ---- | C] () -- C:\Users\Rich\Desktop\Electronic Signature.doc
[2009/01/30 20:08:50 | 00,000,000 | ---D | C] -- C:\Users\Rich\Desktop\DVD Burning Software
[2009/01/30 19:57:24 | 00,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2009/01/30 19:57:24 | 00,000,000 | ---D | C] -- C:\Program Files\dvd43
[2009/01/30 19:54:05 | 00,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2009/01/30 19:54:05 | 00,025,244 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2009/01/30 19:54:05 | 00,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL
[2009/01/30 19:54:05 | 00,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE
[2009/01/30 19:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\EasyDVDShrink
[2009/01/30 19:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/01/30 12:14:10 | 05,122,813 | ---- | C] () -- C:\Users\Rich\Desktop\RobinHood-FX-1.wmv
[2009/01/30 12:11:40 | 02,374,238 | ---- | C] () -- C:\Users\Rich\Desktop\RobinHood-FX.pdf
[2009/01/27 07:08:13 | 00,000,000 | ---- | C] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/01/26 01:04:54 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\RER Soft, Inc
[2009/01/26 00:28:37 | 00,000,034 | -H-- | C] () -- C:\Windows\System32\VideoConverter_sysquict.dat
[2009/01/26 00:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\A123 MOV to AVI WMV DVD MPEG MP4 MOV Converter
[2009/01/26 00:27:57 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Download Manager
[2009/01/26 00:13:57 | 00,000,000 | ---D | C] -- C:\Users\Rich\Documents\TMPGEnc Authoring Works 4
[2009/01/26 00:13:10 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Pegasys Inc
[2009/01/26 00:11:40 | 00,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2009/01/26 00:11:40 | 00,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2009/01/26 00:11:40 | 00,013,567 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
[2009/01/23 10:00:26 | 00,001,356 | ---- | C] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
[2009/01/22 21:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor

========== Files - Modified Within 30 Days ==========

[2009/02/21 19:51:00 | 00,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009/02/21 19:38:53 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/02/21 19:38:20 | 00,000,691 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\GetValue.vbs
[2009/02/21 19:38:20 | 00,000,035 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\SetValue.bat
[2009/02/21 19:38:19 | 00,004,242 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2009/02/21 18:33:45 | 00,017,753 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/02/21 18:08:50 | 00,000,324 | ---- | M] () -- C:\Windows\win.ini
[2009/02/21 18:07:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 18:07:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 12:57:34 | 00,000,270 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/02/21 09:29:08 | 00,000,250 | ---- | M] () -- C:\Windows\gmer.ini
[2009/02/21 09:29:06 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2009/02/21 09:29:06 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/21 09:29:06 | 00,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/21 09:28:56 | 00,811,008 | R--- | M] () -- C:\Windows\gmer.exe
[2009/02/21 09:16:44 | 00,000,774 | ---- | M] () -- C:\Users\Rich\Desktop\gmer - Shortcut.lnk
[2009/02/21 09:16:33 | 00,000,851 | ---- | M] () -- C:\Users\Rich\Desktop\OTListIt2 - Shortcut.lnk
[2009/02/20 22:08:36 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/02/20 22:08:17 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/02/20 22:07:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/20 22:07:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/20 22:07:10 | 21,110,82496 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 22:02:23 | 00,000,846 | ---- | M] () -- C:\Users\Rich\Desktop\ComboFix - Shortcut.lnk
[2009/02/20 21:00:41 | 02,565,753 | -H-- | M] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/02/20 14:49:53 | 00,001,724 | -H-- | M] () -- C:\Users\Rich\Documents\Default.rdp
[2009/02/17 23:38:33 | 00,001,065 | ---- | M] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/02/17 06:27:54 | 00,775,020 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/17 06:27:54 | 00,645,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/17 06:27:54 | 00,119,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/17 01:16:41 | 00,001,884 | ---- | M] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/02/16 08:21:16 | 00,001,356 | ---- | M] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
[2009/02/16 00:10:34 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:09:17 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/02/16 00:09:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/02/16 00:07:58 | 00,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/02/15 17:42:28 | 00,132,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/02/15 17:39:50 | 00,006,144 | ---- | M] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 01:26:56 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/02/14 20:32:10 | 00,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/02/14 01:08:20 | 02,540,256 | ---- | M] () -- C:\Users\Rich\Documents\DRUNKS.zip
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/06 16:42:17 | 00,000,784 | ---- | M] () -- C:\Windows\System32\Local Area Connection.xml
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/03 00:46:21 | 00,000,608 | ---- | M] () -- C:\Users\Rich\Desktop\new-osha300form1-1-04.lnk
[2009/02/02 23:36:38 | 04,740,542 | ---- | M] () -- C:\Users\Rich\Documents\[bleep]-Wife.wmv
[2009/02/02 14:30:30 | 00,009,872 | ---- | M] () -- C:\Users\Rich\Documents\Audio login.docx
[2009/02/02 06:53:22 | 00,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/02/01 01:00:17 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/01/31 19:18:44 | 00,001,714 | ---- | M] () -- C:\Users\Rich\Desktop\LimeWire 4.14.10.lnk
[2009/01/31 18:28:08 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/31 18:26:51 | 00,001,736 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/31 17:08:51 | 00,011,682 | ---- | M] () -- C:\Users\Rich\Documents\Sarah School.docx
[2009/01/30 19:57:24 | 00,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2009/01/30 12:14:10 | 05,122,813 | ---- | M] () -- C:\Users\Rich\Desktop\RobinHood-FX-1.wmv
[2009/01/30 12:11:53 | 02,374,238 | ---- | M] () -- C:\Users\Rich\Desktop\RobinHood-FX.pdf
[2009/01/26 07:40:11 | 00,413,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/26 00:28:37 | 00,000,034 | -H-- | M] () -- C:\Windows\System32\VideoConverter_sysquict.dat
[2009/01/26 00:10:34 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2009/01/26 00:10:34 | 00,059,488 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2009/01/26 00:10:34 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
[2009/01/23 10:12:00 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#15
maccini
  • Topic Starter
Malwarebytes' Anti-Malware 1.34
Database version: 1783
Windows 6.0.6001 Service Pack 1

2/21/2009 23:31:06
mbam-log-2009-02-21 (23-31-06).txt

Scan type: Full Scan (C:\|Q:\|S:\|)
Objects scanned: 201165
Time elapsed: 1 hour(s), 44 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)