justjoy

Members
  • Content Count

    20
  • Joined

  • Last visited

Community Reputation

0 Neutral

About justjoy

  • Rank
    Member
  1. Hello, On reboot I got a DOS error message....C:\windows\system32\cnd.exe could not find c:\avenger\*.reg and a windows error of no disk exception processing message c0000013 parameters 75b6bf9c 4.... here is the txt file Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\vgiqqltu ******************* Script file located at: \??\C:\jhujuidt.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp deleted successfully. Completed script processing. ******************* Finished! Terminate. Joy
  2. And I do believe these are the other two syscheck Results of system analysis AVZ 4.29 [invalid url removed] List of processes File name PID Description Copyright MD5 Information c:\program files\common files\aol\acs\aolacsd.exe Script: Quarantine, Delete, BC delete, Terminate 1812 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 45.55 kb, RsAh, created: 10/23/2006 7:50:35 AM, modified: 10/23/2006 7:50:35 AM Command line: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" c:\program files\common files\aol\1175982866\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete, Terminate 3140 AOL Copyright © 2007 AOL LLC ?? 41.05 kb, rsAh, created: 4/12/2007 4:23:31 PM, modified: 4/12/2007 4:23:31 PM Command line: "C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe" /h servicehost.defaultGrp c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate 944 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 1009.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 6/13/2007 5:23:07 AM Command line: C:\windows\Explorer.EXE c:\program files\hp\digital imaging\bin\hpqsrmon.exe Script: Quarantine, Delete, BC delete, Terminate 2648 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 79.00 kb, rsAh, created: 8/22/2007 4:31:16 PM, modified: 8/22/2007 4:31:16 PM Command line: "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" c:\program files\common files\mcafee\hackerwatch\hwapi.exe Script: Quarantine, Delete, BC delete, Terminate 1952 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 528.10 kb, rsAh, created: 12/7/2007 2:14:26 AM, modified: 2/13/2007 12:09:12 PM Command line: "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" c:\progra~1\mcafee.com\agent\mcagent.exe Script: Quarantine, Delete, BC delete, Terminate 1476 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 553.59 kb, rsAh, created: 12/7/2007 2:13:56 AM, modified: 1/5/2007 4:21:16 PM Command line: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding c:\progra~1\mcafee\msc\mcmscsvc.exe Script: Quarantine, Delete, BC delete, Terminate 2028 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 353.09 kb, rsAh, created: 12/7/2007 2:13:51 AM, modified: 1/5/2007 4:22:12 PM Command line: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate 124 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 2161.54 kb, rsAh, created: 12/7/2007 2:14:06 AM, modified: 3/9/2007 4:36:10 AM Command line: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" c:\progra~1\mcafee\viruss~1\mcods.exe Script: Quarantine, Delete, BC delete, Terminate 188 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 353.58 kb, rsAh, created: 12/7/2007 2:15:09 AM, modified: 1/16/2007 6:03:36 PM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\progra~1\mcafee\msc\mcpromgr.exe Script: Quarantine, Delete, BC delete, Terminate 204 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 481.59 kb, rsAh, created: 12/7/2007 2:13:53 AM, modified: 1/5/2007 4:21:40 PM Command line: C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete, Terminate 228 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 345.09 kb, rsAh, created: 12/7/2007 2:15:51 AM, modified: 4/12/2007 9:33:42 AM Command line: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\mcafee\viruss~1\mcshield.exe Script: Quarantine, Delete, BC delete, Terminate 408 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 141.56 kb, rsAh, created: 12/7/2007 2:14:35 AM, modified: 6/25/2007 10:56:42 AM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe c:\progra~1\mcafee\viruss~1\mcsysmon.exe Script: Quarantine, Delete, BC delete, Terminate 492 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 628.58 kb, rsAh, created: 12/7/2007 2:14:39 AM, modified: 1/25/2007 4:01:58 PM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\program files\mcafee\mpf\mpfsrv.exe Script: Quarantine, Delete, BC delete, Terminate 620 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 821.54 kb, rsAh, created: 12/7/2007 2:15:27 AM, modified: 6/19/2007 8:55:24 AM Command line: "C:\Program Files\McAfee\MPF\MPFSrv.exe" c:\progra~1\mcafee\mps\mps.exe Script: Quarantine, Delete, BC delete, Terminate 2312 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 885.54 kb, rsAh, created: 12/7/2007 2:15:56 AM, modified: 4/18/2007 2:08:06 PM Command line: C:\PROGRA~1\McAfee\MPS\mps.exe c:\program files\mcafee\mps\mpsevh.exe Script: Quarantine, Delete, BC delete, Terminate 3500 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 297.54 kb, rsAh, created: 12/7/2007 2:16:01 AM, modified: 4/18/2007 2:08:10 PM Command line: "C:\Program Files\McAfee\MPS\mpsevh.exe" -Embedding c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete, Terminate 312 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 250.09 kb, rsAh, created: 12/7/2007 2:14:23 AM, modified: 3/8/2007 3:42:42 PM Command line: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe c:\program files\aol 9.0b\shellmon.exe Script: Quarantine, Delete, BC delete, Terminate 3320 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 53.55 kb, rsAh, created: 4/18/2007 1:49:05 AM, modified: 4/18/2007 1:49:05 AM Command line: "C:\Program Files\AOL 9.0b\shellmon.exe" c:\program files\spywarefighter\spfprc.exe Script: Quarantine, Delete, BC delete, Terminate 2936 SpywareFighter SpamFighter APS. All rights reserved. ?? 400.90 kb, rsAh, created: 6/8/2007 11:52:14 AM, modified: 6/8/2007 11:52:14 AM Command line: "C:\Program Files\SPYWAREfighter\spfprc.exe" c:\program files\spywarefighter\spftray.exe Script: Quarantine, Delete, BC delete, Terminate 2632 Spywarefighter Tray ?? 112.90 kb, rsAh, created: 6/8/2007 11:52:18 AM, modified: 6/8/2007 11:52:18 AM Command line: "C:\Program Files\SPYWAREfighter\spftray.exe" c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate 1680 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 56.50 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 6/10/2005 6:53:32 PM Command line: C:\windows\system32\spoolsv.exe c:\program files\aol 9.0b\waol.exe Script: Quarantine, Delete, BC delete, Terminate 1436 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 38.55 kb, rsAh, created: 4/18/2007 1:49:07 AM, modified: 4/18/2007 1:49:07 AM Command line: -Brestart Detected:47, recognized as trusted 27 Module name Handle Description Copyright MD5 Used by processes C:\Program Files\AOL 9.0b\acfBase.DLL Script: Quarantine, Delete, BC delete 1864368128 acf Module Copyright 2001 -- 1436 C:\Program Files\AOL 9.0b\APPDATA.dll Script: Quarantine, Delete, BC delete 1666973696 AppData Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\comm.dll Script: Quarantine, Delete, BC delete 1610612736 Comm Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\COOLAPI.dll Script: Quarantine, Delete, BC delete 1663041536 Cool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\coolcore46.dll Script: Quarantine, Delete, BC delete 1074790400 COOL Core Component Library Copyright 1998-2007 AOL LLC -- 1436 C:\Program Files\AOL 9.0b\idleproc.dll Script: Quarantine, Delete, BC delete 1743781888 IDLEPROC DLL Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\manager.dll Script: Quarantine, Delete, BC delete 1729626112 Display Manager Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\ProxyMgr.dll Script: Quarantine, Delete, BC delete 1621098496 ProxyMgr DLL Copyright ¬ 1999 - 2003 -- 1436 C:\Program Files\AOL 9.0b\resource.dll Script: Quarantine, Delete, BC delete 1664090112 RESOURCE Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\shellmon.exe Script: Quarantine, Delete, BC delete 4194304 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 3320 C:\Program Files\AOL 9.0b\supersub.dll Script: Quarantine, Delete, BC delete 1616379904 SuperSub Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\SYNCCORE.dll Script: Quarantine, Delete, BC delete 1645215744 SYNCCORE.DLL Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\actvx.rct Script: Quarantine, Delete, BC delete 1779433472 ActiveX Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\chat.tol Script: Quarantine, Delete, BC delete 1787822080 Chat Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\coretool.rct Script: Quarantine, Delete, BC delete 1342242816 Coretool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\htmlview.tol Script: Quarantine, Delete, BC delete 1777270784 Managed By Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct Script: Quarantine, Delete, BC delete 1806696448 Imfdecode Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\lvi.tol Script: Quarantine, Delete, BC delete 1689255936 LVI Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\mip.tol Script: Quarantine, Delete, BC delete 1732771840 MIP Manager Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\rich.rct Script: Quarantine, Delete, BC delete 1762131968 Rich Text Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\sec.cct Script: Quarantine, Delete, BC delete 1753481216 Security Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\talk.tol Script: Quarantine, Delete, BC delete 1649934336 Talk Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\www.tol Script: Quarantine, Delete, BC delete 1757806592 WWW Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\waol.dll Script: Quarantine, Delete, BC delete 5242880 AOL Software Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\waol.exe Script: Quarantine, Delete, BC delete 4194304 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 1436 C:\Program Files\AOL 9.0b\xprt5.dll Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 1436 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete 4194304 AOL Copyright © 2007 AOL LLC ?? 3140 C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll Script: Quarantine, Delete, BC delete 1811939328 AOLSvcMgr Copyright © 2007 AOL LLC -- 3140, 1436 c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll Script: Quarantine, Delete, BC delete 1742995456 aolsystrayservice EE Service Copyright © 2006 AOL LLC. All rights reserved. -- 3140 c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll Script: Quarantine, Delete, BC delete 1732837376 clssvc EE Service Copyright © 2007 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll Script: Quarantine, Delete, BC delete 1729495040 Client Metrics Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll Script: Quarantine, Delete, BC delete 1733230592 Notification Service Copyright © 2006 America Online, Inc. -- 3140 c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll Script: Quarantine, Delete, BC delete 268435456 AolIdleMon EE Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll Script: Quarantine, Delete, BC delete 1733492736 os EE Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll Script: Quarantine, Delete, BC delete 1735917568 SuiteFramework Service Copyright © 2006 AOL LLC. -- 3140 C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll Script: Quarantine, Delete, BC delete 17301504 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 3140 C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2006 AOL LLC -- 3140, 1436 C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll Script: Quarantine, Delete, BC delete 42008576 AOL Connectivity Service Common Code Copyright © 2001-2006 AOL LLC -- 1436 C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll Script: Quarantine, Delete, BC delete 12517376 AOL Connectivity Service Diagnostics Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll Script: Quarantine, Delete, BC delete 24313856 AOL Connectivity Service Software Update Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll Script: Quarantine, Delete, BC delete 268435456 AOL Connectivity Service Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Script: Quarantine, Delete, BC delete 4194304 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 1812 C:\Program Files\Common Files\AOL\ACS\xpat.dll Script: Quarantine, Delete, BC delete 3407872 AOL Connectivity Service XML Parser Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll Script: Quarantine, Delete, BC delete 1811546112 AOL Diagnostics Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved. -- 1812, 3140, 1436 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe Script: Quarantine, Delete, BC delete 4194304 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 1952 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe Script: Quarantine, Delete, BC delete 4194304 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 2648 C:\Program Files\McAfee\MPF\MPFSrv.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 620 C:\Program Files\McAfee\MPS\mpsevh.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 3500 C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll Script: Quarantine, Delete, BC delete 1715470336 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 C:\Program Files\McAfee\VirusScan\mcscan32.dll Script: Quarantine, Delete, BC delete 301989888 AV Scanning Engine Copyright © 2007 McAfee, Inc. -- 408 C:\Program Files\SPYWAREfighter\engine.dll Script: Quarantine, Delete, BC delete 268435456 scan engine Copyright © 2005 Anti-Malware Development a.s. -- 2936 C:\Program Files\SPYWAREfighter\spfprc.exe Script: Quarantine, Delete, BC delete 4194304 SpywareFighter SpamFighter APS. All rights reserved. ?? 2936 C:\Program Files\SPYWAREfighter\spfrm.dll Script: Quarantine, Delete, BC delete 10158080 SpyWareFighter RS SpamFighter Aps. All rights reserved. -- 2936, 2632 C:\Program Files\SPYWAREfighter\spftray.exe Script: Quarantine, Delete, BC delete 4194304 Spywarefighter Tray ?? 2632 C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll Script: Quarantine, Delete, BC delete 285212672 -- 2936, 2632 C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll Script: Quarantine, Delete, BC delete 343932928 Viewpoint Media Player for Internet Explorer Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll Script: Quarantine, Delete, BC delete 360710144 Viewpoint Media Player Component Manager Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll Script: Quarantine, Delete, BC delete 549453824 Viewpoint Media Player AOLUserShell Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll Script: Quarantine, Delete, BC delete 369098752 Viewpoint Media Player Scene Component Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll Script: Quarantine, Delete, BC delete 385875968 Viewpoint Media Player Rasterizer Component Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll Script: Quarantine, Delete, BC delete 394264576 Viewpoint Media Player SWFView Component Copyright © 2000 Viewpoint Corporation -- 1436 c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll Script: Quarantine, Delete, BC delete 1654652928 McAfee Core Proxy Stub Copyright © 2006 McAfee, Inc. -- 1952, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 312 c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll Script: Quarantine, Delete, BC delete 1655701504 McAfee Event Broker Copyright © 2006 McAfee, Inc. -- 228, 408, 492, 620, 2312, 312 c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll Script: Quarantine, Delete, BC delete 1667235840 McAfee HackerWatch Proxy Stub © McAfee, Inc. All rights reserved. -- 1952, 492, 620, 312 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 228 c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 124 c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL Script: Quarantine, Delete, BC delete 1801453568 McAfee Network Agent Proxy/Stub Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll Script: Quarantine, Delete, BC delete 1800404992 McAfee Unified Join Copyright © 2006 McAfee, Inc. -- 124 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll Script: Quarantine, Delete, BC delete 1650458624 McAfee Utility DLL Copyright © 2006 McAfee, Inc. -- 124, 204 C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll Script: Quarantine, Delete, BC delete 1652555776 Sqlite3 Database Module Copyright © 2006 McAfee, Inc. -- 2028 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll Script: Quarantine, Delete, BC delete 1644167168 McAfee Redirector Service Proxy Stub Copyright © 2006 McAfee, Inc. -- 228, 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 312 c:\PROGRA~1\mcafee.com\agent\mcagent.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 1476 c:\PROGRA~1\mcafee.com\agent\mcagntps.dll Script: Quarantine, Delete, BC delete 1711276032 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476 c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll Script: Quarantine, Delete, BC delete 1665138688 McAfee Personal Firewall Plus Copyright © 2005 McAfee, Inc. All Rights Reserved. -- 620 C:\PROGRA~1\McAfee\MPS\mps.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 2312 c:\PROGRA~1\mcafee\mps\mpsmisp.dll Script: Quarantine, Delete, BC delete 1681915904 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. -- 3500 c:\PROGRA~1\mcafee\mps\mpsppm.dll Script: Quarantine, Delete, BC delete 1682964480 MPS Proxy Plugin Module Copyright © 2006 McAfee, Inc. -- 228 c:\PROGRA~1\mcafee\mps\mpsps.dll Script: Quarantine, Delete, BC delete 1684013056 McAfee Privacy Service 9.0 Proxy Stub Copyright © 2006 McAfee, Inc. -- 2312, 3500 C:\PROGRA~1\McAfee\MSC\McAltLib.dll Script: Quarantine, Delete, BC delete 1712324608 MISP Alert Library Copyright © 2006 McAfee, Inc. -- 3500 c:\PROGRA~1\mcafee\msc\mccfgpv.dll Script: Quarantine, Delete, BC delete 1714421760 MISP Default Configuration Provider Copyright © 2006 McAfee, Inc. -- 1476 C:\PROGRA~1\McAfee\MSC\Mccobres.dll Script: Quarantine, Delete, BC delete 13107200 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcdbmgr.dll Script: Quarantine, Delete, BC delete 1719664640 McAfee Log Database Manager Copyright © 2006 McAfee, Inc. -- 2028 C:\PROGRA~1\McAfee\MSC\McLocRes.dll Script: Quarantine, Delete, BC delete 1716518912 McAfee Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcmismgr.dll Script: Quarantine, Delete, BC delete 1718616064 McAfee Misc Manager Copyright © 2006 McAfee, Inc. -- 124 c:\PROGRA~1\mcafee\msc\mcmispps.dll Script: Quarantine, Delete, BC delete 1721761792 McAfee MISP Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 408, 492, 620, 3500 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Script: Quarantine, Delete, BC delete 4194304 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 2028 C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll Script: Quarantine, Delete, BC delete 35454976 McAfee NMC Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll Script: Quarantine, Delete, BC delete 35323904 McAfee NMC Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcprv.dll Script: Quarantine, Delete, BC delete 37879808 McAfee NMC Provider Copyright © 2006 McAfee, Inc. -- 204 C:\PROGRA~1\McAfee\MSC\McNmcRes.dll Script: Quarantine, Delete, BC delete 34930688 McAfee NMC Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcsps.dll Script: Quarantine, Delete, BC delete 15794176 McAfee NMC Server Proxy Stub Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll Script: Quarantine, Delete, BC delete 268435456 McAfee NMC Server Copyright © 2006 McAfee, Inc. -- 124 C:\PROGRA~1\McAfee\MSC\McProHlp.dll Script: Quarantine, Delete, BC delete 1725956096 Mc Security Index Copyright © 2006 McAfee, Inc. -- 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 204 c:\PROGRA~1\mcafee\msc\mcprotpv.dll Script: Quarantine, Delete, BC delete 1727004672 MISP Default Protection Provider Copyright © 2006 McAfee, Inc. -- 204 c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll Script: Quarantine, Delete, BC delete 1729101824 MISP Registration Component Copyright © 2006 McAfee, Inc. -- 1476, 124 C:\PROGRA~1\McAfee\MSC\McRes.dll Script: Quarantine, Delete, BC delete 1730150400 McAfee Non-Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcshllps.dll Script: Quarantine, Delete, BC delete 1731198976 McAfee McShell Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll Script: Quarantine, Delete, BC delete 1733296128 McAfee Subscription manager module Copyright © 2006 McAfee, Inc. -- 1476, 124, 204, 492 c:\PROGRA~1\mcafee\msc\mcuicfg.dll Script: Quarantine, Delete, BC delete 1734344704 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476 C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll Script: Quarantine, Delete, BC delete 336068608 File Filter Library Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll Script: Quarantine, Delete, BC delete 336461824 Provides self-protection functionality Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Script: Quarantine, Delete, BC delete 4194304 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 188 C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll Script: Quarantine, Delete, BC delete 1621098496 McAfee Quarantine Library Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Script: Quarantine, Delete, BC delete 4194304 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Script: Quarantine, Delete, BC delete 4194304 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 492 c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll Script: Quarantine, Delete, BC delete 1624244224 McAfee VirusScan Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408, 492 c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll Script: Quarantine, Delete, BC delete 1625292800 McAfee VirusScan Quarantine Interface Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll Script: Quarantine, Delete, BC delete 1862205440 Anti Virus File System Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll Script: Quarantine, Delete, BC delete 1614610432 Buffer Overflow Protection Service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll Script: Quarantine, Delete, BC delete 1713635328 Host Intrusion Detection Link Driver Communication Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll Script: Quarantine, Delete, BC delete 1786970112 System Monitor Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 492 c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll Script: Quarantine, Delete, BC delete 1627389952 McAfee Configuration Object Tool Copyright © 2006 McAfee, Inc. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll Script: Quarantine, Delete, BC delete 1630535680 McAfee VirusScan Log Helper Copyright © 2006 McAfee, Inc. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll Script: Quarantine, Delete, BC delete 337117184 Common Shell - Scanners' interface to the engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll Script: Quarantine, Delete, BC delete 337772544 Common Shell2 - Scanners' interface to the 5000 series engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll Script: Quarantine, Delete, BC delete 1636827136 McAfee VirusScan Announcer Copyright © 2006 McAfee, Inc. -- 408 c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll Script: Quarantine, Delete, BC delete 1637875712 McAfee VirusScan Announcer Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll Script: Quarantine, Delete, BC delete 336592896 Resources for McShield Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 944, 1436 C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\windows\system32\Dunzip32.dll Script: Quarantine, Delete, BC delete 805306368 DynaZIP-32 Multi-Threading UnZIP DLL Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved. -- 2312 C:\windows\system32\hpz3l4pi.dll Script: Quarantine, Delete, BC delete 9961472 LanguageMonitor Copyright © 1999 -- 1680 C:\windows\system32\jgdw400.dll Script: Quarantine, Delete, BC delete 60620800 JG ART DLL Copyright © 1997 America Online, Inc. -- 1436 C:\windows\system32\jgpl400.dll Script: Quarantine, Delete, BC delete 60555264 JG ART Player DLL ©1996 AOL/Johnson-Grace Company -- 1436 C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll Script: Quarantine, Delete, BC delete 13959168 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680 C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll Script: Quarantine, Delete, BC delete 2084700160 Microsoft® C++ Runtime Library © Microsoft Corporation. All rights reserved. -- 2648 C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll Script: Quarantine, Delete, BC delete 2014511104 Microsoft® C Runtime Library © Microsoft Corporation. All rights reserved. -- 2648 Modules detected:435, recognized as trusted 306 Kernel space modules Module Base address Size in memory Description Manufacturer C:\windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete F45AB000 018000 (98304) C:\windows\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, BC delete F7B2C000 002000 (8192) C:\windows\system32\drivers\mfebopk.sys Script: Quarantine, Delete, BC delete F78EC000 007000 (28672) Buffer Overflow Protection Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete B9D0C000 029000 (167936) Host Intrusion Detection Link Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\system32\drivers\mfesmfk.sys Script: Quarantine, Delete, BC delete F78DC000 008000 (32768) System Monitor Filter Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\System32\Drivers\Mpfp.sys Script: Quarantine, Delete, BC delete F47DB000 023000 (143360) McAfee Personal Firewall Plus Driver Copyright © 2005 McAfee, Inc. All rights reserved. C:\Program Files\SPYWAREfighter\spyfighter.sys Script: Quarantine, Delete, BC delete F78C4000 005000 (20480) Modules detected - 132, recognized as trusted - 125 Services Service Description Status File Group Dependencies AOL ACS Service: Stop, Delete, Disable AOL Connectivity Service Running C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Script: Quarantine, Delete, BC delete McAfee HackerWatch Service Service: Stop, Delete, Disable McAfee HackerWatch Service Running C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe Script: Quarantine, Delete, BC delete RPCSS mcmscsvc Service: Stop, Delete, Disable McAfee Services Running C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Script: Quarantine, Delete, BC delete McNASvc Service: Stop, Delete, Disable McAfee Network Agent Running c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete RPCSS McODS Service: Stop, Delete, Disable McAfee Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Script: Quarantine, Delete, BC delete mcpromgr Service: Stop, Delete, Disable McAfee Protection Manager Running C:\PROGRA~1\McAfee\MSC\mcpromgr.exe Script: Quarantine, Delete, BC delete McProxy Service: Stop, Delete, Disable McAfee Proxy Service Running c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete McRedirector Service: Stop, Delete, Disable McAfee Redirector Service Running c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete McShield Service: Stop, Delete, Disable McAfee Real-time Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Script: Quarantine, Delete, BC delete McSysmon Service: Stop, Delete, Disable McAfee SystemGuards Running C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Script: Quarantine, Delete, BC delete MpfService Service: Stop, Delete, Disable McAfee Personal Firewall Service Running C:\Program Files\McAfee\MPF\MPFSrv.exe Script: Quarantine, Delete, BC delete MPS9 Service: Stop, Delete, Disable McAfee Privacy Service Running C:\PROGRA~1\McAfee\MPS\mps.exe Script: Quarantine, Delete, BC delete McProxy SPYWAREfighterRP Service: Stop, Delete, Disable SPYWAREfighterRP Running C:\Program Files\SPYWAREfighter\spfprc.exe Script: Quarantine, Delete, BC delete RPCSS Adobe LM Service Service: Stop, Delete, Disable Adobe LM Service Not started C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe Script: Quarantine, Delete, BC delete ATI Smart Service: Stop, Delete, Disable ATI Smart Not started C:\WINDOWS\system32\ati2sgag.exe Script: Quarantine, Delete, BC delete Emproxy Service: Stop, Delete, Disable McAfee E-mail Proxy Not started C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe Script: Quarantine, Delete, BC delete iPod Service Service: Stop, Delete, Disable iPod Service Not started iPod Service.sys Script: Quarantine, Delete, BC delete RpcSs mcmispupdmgr Service: Stop, Delete, Disable McAfee Update Manager Not started C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe Script: Quarantine, Delete, BC delete Detected - 102, recognized as trusted - 84 Drivers Service Description Status File Group Dependencies mfebopk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfebopk.sys Script: Quarantine, Delete, BC delete mfehidk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete mfesmfk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfesmfk.sys Script: Quarantine, Delete, BC delete MPFP Driver: Unload, Delete, Disable MPFP Running C:\windows\system32\Drivers\Mpfp.sys Script: Quarantine, Delete, BC delete PNP_TDI TcpIp SpyFighter Driver: Unload, Delete, Disable SpyFighter Guard Device Running C:\Program Files\SPYWAREfighter\spyfighter.sys Script: Quarantine, Delete, BC delete Abiosdsk Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys Script: Quarantine, Delete, BC delete Primary disk abp480n5 Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys Script: Quarantine, Delete, BC delete SCSI miniport adpu160m Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys Script: Quarantine, Delete, BC delete SCSI miniport Aha154x Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys Script: Quarantine, Delete, BC delete SCSI miniport aic78u2 Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys Script: Quarantine, Delete, BC delete SCSI miniport aic78xx Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys Script: Quarantine, Delete, BC delete SCSI miniport AliIde Driver: Unload, Delete, Disable AliIde Not started AliIde.sys Script: Quarantine, Delete, BC delete System Bus Extender amsint Driver: Unload, Delete, Disable amsint Not started amsint.sys Script: Quarantine, Delete, BC delete SCSI miniport asc Driver: Unload, Delete, Disable asc Not started asc.sys Script: Quarantine, Delete, BC delete SCSI miniport asc3350p Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys Script: Quarantine, Delete, BC delete SCSI miniport asc3550 Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys Script: Quarantine, Delete, BC delete SCSI miniport Atdisk Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys Script: Quarantine, Delete, BC delete Primary disk catchme Driver: Unload, Delete, Disable catchme Not started C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys Script: Quarantine, Delete, BC delete Base cd20xrnt Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys Script: Quarantine, Delete, BC delete SCSI miniport Changer Driver: Unload, Delete, Disable Changer Not started Changer.sys Script: Quarantine, Delete, BC delete Filter CmdIde Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys Script: Quarantine, Delete, BC delete System Bus Extender Cpqarray Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys Script: Quarantine, Delete, BC delete SCSI miniport dac960nt Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys Script: Quarantine, Delete, BC delete SCSI miniport dpti2o Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys Script: Quarantine, Delete, BC delete SCSI miniport FXDRV Driver: Unload, Delete, Disable FXDRV Not started D:\Fxdrv.sys Script: Quarantine, Delete, BC delete hpn Driver: Unload, Delete, Disable hpn Not started hpn.sys Script: Quarantine, Delete, BC delete SCSI miniport i2omgmt Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys Script: Quarantine, Delete, BC delete SCSI Class i2omp Driver: Unload, Delete, Disable i2omp Not started i2omp.sys Script: Quarantine, Delete, BC delete SCSI miniport ini910u Driver: Unload, Delete, Disable ini910u Not started ini910u.sys Script: Quarantine, Delete, BC delete SCSI miniport IntelIde Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys Script: Quarantine, Delete, BC delete System Bus Extender lbrtfdc Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys Script: Quarantine, Delete, BC delete System Bus Extender mferkdk Driver: Unload, Delete, Disable McAfee Inc. Not started C:\windows\system32\drivers\mferkdk.sys Script: Quarantine, Delete, BC delete mraid35x Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys Script: Quarantine, Delete, BC delete SCSI miniport PCIDump Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys Script: Quarantine, Delete, BC delete PCI Configuration PDCOMP Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys Script: Quarantine, Delete, BC delete PDFRAME Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys Script: Quarantine, Delete, BC delete PDRELI Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys Script: Quarantine, Delete, BC delete PDRFRAME Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys Script: Quarantine, Delete, BC delete perc2 Driver: Unload, Delete, Disable perc2 Not started perc2.sys Script: Quarantine, Delete, BC delete SCSI miniport perc2hib Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys Script: Quarantine, Delete, BC delete Filter ql1080 Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys Script: Quarantine, Delete, BC delete SCSI miniport Ql10wnt Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys Script: Quarantine, Delete, BC delete SCSI miniport ql12160 Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys Script: Quarantine, Delete, BC delete SCSI miniport ql1240 Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys Script: Quarantine, Delete, BC delete SCSI miniport ql1280 Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys Script: Quarantine, Delete, BC delete SCSI miniport Simbad Driver: Unload, Delete, Disable Simbad Not started Simbad.sys Script: Quarantine, Delete, BC delete Filter Sparrow Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys Script: Quarantine, Delete, BC delete SCSI miniport sym_hi Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys Script: Quarantine, Delete, BC delete SCSI miniport sym_u3 Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys Script: Quarantine, Delete, BC delete SCSI miniport symc810 Driver: Unload, Delete, Disable symc810 Not started symc810.sys Script: Quarantine, Delete, BC delete SCSI miniport symc8xx Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys Script: Quarantine, Delete, BC delete SCSI miniport TosIde Driver: Unload, Delete, Disable TosIde Not started TosIde.sys Script: Quarantine, Delete, BC delete System Bus Extender ultra Driver: Unload, Delete, Disable ultra Not started ultra.sys Script: Quarantine, Delete, BC delete SCSI miniport ViaIde Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys Script: Quarantine, Delete, BC delete System Bus Extender WDICA Driver: Unload, Delete, Disable WDICA Not started WDICA.sys Script: Quarantine, Delete, BC delete Detected - 190, recognized as trusted - 135 Autoruns File name Status Startup method Description C:\Program Files\AOL 9.0b\AOL.EXE Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AOL Fast Start C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, hpqSRMon C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NVMixerTray C:\Program Files\SPYWAREfighter\spftray.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, spywarefighterguard appmgmts.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName autocheck autochk *lsdelete Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute Autoruns items detected - 61, recognized as trusted - 55 Internet Explorer extension modules (BHOs, Toolbars ...) File name Type Description Manufacturer CLSID BHO {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Delete C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll Script: Quarantine, Delete, BC delete BHO IntelligentAdvisor © {6548BF73-58FF-71D5-F97D-17C71E323709} Delete c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete BHO VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. {7DB2D5A0-7241-4E79-B68D-6309F01C5231} Delete c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete Extension module VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. CmdMapping Delete C:\Program Files\Messenger\MSMSGS.EXE Script: Quarantine, Delete, BC delete Extension module Messenger Copyright © Microsoft Corporation 1997-2003 {FB5F1910-F110-11d2-BB9E-00C04F795683} Delete Elements detected - 9, recognized as trusted - 4 Windows Explorer extension modules File name Destination Description Manufacturer CLSID Display Panning CPL Extension {42071714-76d4-11d1-8b24-00a0c9068ff3} Shell extensions for file compression {764BF0E1-F219-11ce-972D-00AA00A14F56} Encryption Context Menu {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1} rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153} C:\WINDOWS\system32\mscoree.dll Script: Quarantine, Delete, BC delete Fusion Cache Microsoft .NET Runtime Execution Engine © Microsoft Corporation. All rights reserved. {1D2680C9-0E2A-469d-B787-065558BC7D43} Elements detected - 204, recognized as trusted - 197 Print system extensions (print monitors, providers) File name Type Name Description Manufacturer C:\windows\system32\hpz3l4pi.dll Script: Quarantine, Delete, BC delete Monitor PCL hpz3l4pi LanguageMonitor Copyright © 1999 Elements detected - 9, recognized as trusted - 8 Task Scheduler jobs File name Job name Job status Description Manufacturer c:\PROGRA~1\mcafee\mqc\QcConsol.exe Script: Quarantine, Delete, BC delete McDefragTask.job The task is ready to run at its next scheduled time. QuickClean Console Application Copyright © 2006 McAfee, Inc. c:\PROGRA~1\mcafee\mqc\QcConsol.exe Script: Quarantine, Delete, BC delete McQcTask.job The task has not yet run. QuickClean Console Application Copyright © 2006 McAfee, Inc. C:\Program Files\RegCure\RegCure.exe Script: Quarantine, Delete, BC delete RegCure Program Check.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006 C:\Program Files\RegCure\RegCure.exe Script: Quarantine, Delete, BC delete RegCure.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006 C:\Program Files\SpywareBot\SpywareBot.exe Script: Quarantine, Delete, BC delete SpywareBot Scheduled Scan.job The task has not yet run. Elements detected - 5, recognized as trusted - 0 SPI/LSP settings Namespace providers (NSP) Manufacturer Status Exe file Description GUID Detected - 3, recognized as trusted - 3 Transport protocol providers (TSP, LSP) Manufacturer Exe file Description Detected - 21, recognized as trusted - 21 Automatic SPI settings check results LSP settings checked. No errors detected TCP/UDP ports Port Status Remote Host Remote Port Application Notes TCP ports 135 LISTENING 0.0.0.0 22715 [1076] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 139 LISTENING 0.0.0.0 26854 [4] System Script: Quarantine, Delete, BC delete, Terminate 445 LISTENING 0.0.0.0 38948 [4] System Script: Quarantine, Delete, BC delete, Terminate 1033 LISTENING 0.0.0.0 2112 [2932] c:\windows\system32\alg.exe Script: Quarantine, Delete, BC delete, Terminate 6646 LISTENING 0.0.0.0 14552 [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate UDP ports 123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 137 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 138 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 445 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 500 LISTENING -- -- [848] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate 1026 LISTENING -- -- [1160] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1056 LISTENING -- -- [1812] c:\program files\common files\aol\acs\aolacsd.exe Script: Quarantine, Delete, BC delete, Terminate 1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 4500 LISTENING -- -- [848] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate 6646 LISTENING -- -- [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate Downloaded Program Files (DPF) File name Description Manufacturer CLSID Source URL C:\WINDOWS\Downloaded Program Files\fscax.dll Script: Quarantine, Delete, BC delete fscax module © 2005-2006 F-Secure Corporation. All rights reserved. {0B79F48A-E8D6-11DB-9283-E25056D89593} Delete http://support.f-secure.com/ols/fscax.cab Elements detected - 5, recognized as trusted - 4 Control Panel Applets (CPL) File name Description Manufacturer Elements detected - 25, recognized as trusted - 25 Active Setup File name Description Manufacturer CLSID Elements detected - 15, recognized as trusted - 15 HOSTS file Hosts file record 127.0.0.1 localhost Protocols and handlers File name Type Description Manufacturer CLSID mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} Elements detected - 28, recognized as trusted - 25 Suspicious objects File Description Type C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944) -------------------------------------------------------------------------------- AVZ Antiviral Toolkit log; AVZ version is 4.29 Scanning started at 12/24/2007 9:33:11 PM Database loaded: signatures - 140626, NN profile(s) - 2, microprograms of healing - 55, signature database released 23.12.2007 19:45 Heuristic microprograms loaded: 371 SPV microprograms loaded: 9 Digital signatures of system files loaded: 68055 Heuristic analyzer mode: Maximum heuristics level Healing mode: disabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Recovery: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=07B380) Kernel ntkrnlpa.exe found in memory at address 804D7000 SDT = 80552380 KiST = 805011FC (284) Function NtCreateFile (25) - machine code modification Method of JmpTo. jmp B9D1F7CF\SystemRoot\system32\drivers\mfehidk.sys Function NtCreateKey (29) - machine code modification Method of JmpTo. jmp B9D1F74F\SystemRoot\system32\drivers\mfehidk.sys Function NtCreateProcess (2F) - machine code modification Method of JmpTo. jmp B9D1F7F9\SystemRoot\system32\drivers\mfehidk.sys Function NtDeleteKey (3F) - machine code modification Method of JmpTo. jmp B9D1F763\SystemRoot\system32\drivers\mfehidk.sys Function NtDeleteValueKey (41) - machine code modification Method of JmpTo. jmp B9D1F78F\SystemRoot\system32\drivers\mfehidk.sys Function NtMapViewOfSection (6C) - machine code modification Method of JmpTo. jmp B9D1F823\SystemRoot\system32\drivers\mfehidk.sys Function NtOpenKey (77) - machine code modification Method of JmpTo. jmp B9D1F73B\SystemRoot\system32\drivers\mfehidk.sys Function NtProtectVirtualMemory (89) - machine code modification Method of JmpTo. jmp B9D1F7E3\SystemRoot\system32\drivers\mfehidk.sys Function NtRenameKey (C0) - machine code modification Method of JmpTo. jmp B9D1F779\SystemRoot\system32\drivers\mfehidk.sys Function NtSetValueKey (F7) - machine code modification Method of JmpTo. jmp B9D1F7A5\SystemRoot\system32\drivers\mfehidk.sys Function NtTerminateProcess (101) - machine code modification Method of JmpTo. jmp B9D1F7BB\SystemRoot\system32\drivers\mfehidk.sys Function NtUnmapViewOfSection (10B) - machine code modification Method of JmpTo. jmp B9D1F839\SystemRoot\system32\drivers\mfehidk.sys Function NtYieldExecution (116) - machine code modification Method of JmpTo. jmp B9D1F80D\SystemRoot\system32\drivers\mfehidk.sys Function NtCreateFile (8056D3CA) - machine code modification Method of JmpTo. jmp B9D1F7CF \SystemRoot\system32\drivers\mfehidk.sys Function NtMapViewOfSection (805A6206) - machine code modification Method of JmpTo. jmp B9D1F823 \SystemRoot\system32\drivers\mfehidk.sys Functions checked: 284, intercepted: 0, restored: 0 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: the extended monitoring driver (AVZPM) is not installed 2. Scanning memory Number of processes found: 46 Analyzer - the process under analysis is 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 1952 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 2028 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 188 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 228 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [ES]:Application has no visible windows Analyzer - the process under analysis is 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 492 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 620 C:\Program Files\McAfee\MPF\MPFSrv.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 1476 c:\PROGRA~1\mcafee.com\agent\mcagent.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 2312 C:\PROGRA~1\McAfee\MPS\mps.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 2632 C:\Program Files\SPYWAREfighter\spftray.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer - the process under analysis is 2648 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer - the process under analysis is 3500 C:\Program Files\McAfee\MPS\mpsevh.exe [ES]:Application has no visible windows Analyzer - the process under analysis is 2936 C:\Program Files\SPYWAREfighter\spfprc.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 3140 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 1436 C:\Program Files\AOL 9.0b\waol.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Process c:\program files\aol 9.0b\waol.exe Contains network functionality (comm.dll) Analyzer - the process under analysis is 3320 C:\Program Files\AOL 9.0b\shellmon.exe [ES]:Application has no visible windows Number of modules loaded: 414 Memory checking - complete 3. Scanning disks Direct reading C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe >>> suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944) 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check Checking complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed TermService (Terminal Services) >> Services: potentially dangerous service allowed SSDPSRV (SSDP Discovery Service) >> Services: potentially dangerous service allowed Schedule (Task Scheduler) >> Services: potentially dangerous service allowed mnmsrvc (NetMeeting Remote Desktop Sharing) >> Services: potentially dangerous service allowed RDSessMgr (Remote Desktop Help Session Manager) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking complete 9. Troubleshooting wizard Checking complete Files scanned: 70180, extracted from archives: 45500, malicious programs found 0, suspicions - 1 Scanning finished at 12/24/2007 10:06:39 PM Time of scanning: 00:33:30 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference System Analysis in progress Script commands begin RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server','fAllowToGetHelp', 0); RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'System\CurrentControlSet\Services\CDROM','AutoRun', 0); end. Add commands to script:Blocking hooks using Anti-RootkitEnable AVZGuardBootCleaner - import list of deleted filesRegistry cleanup after deleting filesBootCleaner - activateRebootInsert template for QuarantineFile() - quarantining fileInsert template for BC_QrFile() - quarantining file via BootCleanerInsert template for DeleteFile() - deleting fileInsert template for DelCLSID() - deleting CLSID item from the registryAdditional operations:Performance tweaking: disable service TermService (Terminal Services)Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)Performance tweaking: disable service Schedule (Task Scheduler)Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)Security tweaking: disable disk drives' autorunSecurity tweaking: disable administrative sharesSecurity tweaking: disable anonymous user accessSecurity: disable sending Remote Assistant queries-------------------------------------------------------------------------------- File list syscure Results of system analysis AVZ 4.29 http://z-oleg.com/secur/avz/ List of processes File name PID Description Copyright MD5 Information c:\program files\lavasoft\ad-aware 2007\aawservice.exe Script: Quarantine, Delete, BC delete, Terminate 1560 Ad-Aware 2007 Service Copyright © 2007 ?? 573.34 kb, rsAh, created: 10/29/2007 1:27:04 PM, modified: 10/29/2007 1:27:04 PM Command line: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" c:\windows\system32\alg.exe Script: Quarantine, Delete, BC delete, Terminate 2932 Application Layer Gateway Service © Microsoft Corporation. All rights reserved. ?? 43.50 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\System32\alg.exe c:\program files\common files\aol\acs\aolacsd.exe Script: Quarantine, Delete, BC delete, Terminate 1812 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 45.55 kb, RsAh, created: 10/23/2006 7:50:35 AM, modified: 10/23/2006 7:50:35 AM Command line: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" c:\program files\common files\aol\1175982866\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete, Terminate 3140 AOL Copyright © 2007 AOL LLC ?? 41.05 kb, rsAh, created: 4/12/2007 4:23:31 PM, modified: 4/12/2007 4:23:31 PM Command line: "C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe" /h servicehost.defaultGrp c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe Script: Quarantine, Delete, BC delete, Terminate 2616 Adobe Photoshop Album Starter Edition 3.0 component © 2005 Adobe Systems Incorporated ?? 56.00 kb, rsAh, created: 6/6/2005 11:46:24 PM, modified: 6/6/2005 11:46:24 PM Command line: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" c:\documents and settings\user\desktop\avz4\avz.exe Script: Quarantine, Delete, BC delete, Terminate 2628 ???????????? ??????? AVZ ???????????? ??????? AVZ ?? 715.50 kb, rsAh, created: 12/13/2007 3:28:04 PM, modified: 12/13/2007 3:28:04 PM Command line: "C:\Documents and Settings\user\Desktop\avz4\avz.exe" c:\windows\system32\csrss.exe Script: Quarantine, Delete, BC delete, Terminate 768 Client Server Runtime Process © Microsoft Corporation. All rights reserved. ?? 6.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 c:\windows\system32\ctfmon.exe Script: Quarantine, Delete, BC delete, Terminate 2664 CTF Loader © Microsoft Corporation. All rights reserved. ?? 15.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: "C:\windows\system32\ctfmon.exe" c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate 944 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 1009.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 6/13/2007 5:23:07 AM Command line: C:\windows\Explorer.EXE c:\program files\hp\digital imaging\bin\hpqsrmon.exe Script: Quarantine, Delete, BC delete, Terminate 2648 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 79.00 kb, rsAh, created: 8/22/2007 4:31:16 PM, modified: 8/22/2007 4:31:16 PM Command line: "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" c:\program files\hp\hp software update\hpwuschd2.exe Script: Quarantine, Delete, BC delete, Terminate 2640 Hewlett-Packard Product Assistant Copyright © Hewlett-Packard Development Company, L.P. 1995-2005 ?? 48.00 kb, rsAh, created: 2/19/2006 1:41:10 AM, modified: 2/19/2006 1:41:10 AM Command line: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" c:\windows\system32\hpzipm12.exe Script: Quarantine, Delete, BC delete, Terminate 2848 PML Driver Copyright © 1998, 1999 Hewlett-Packard Company ?? 68.00 kb, rsah, created: 4/7/2007 6:54:07 PM, modified: 3/3/2006 8:03:10 PM Command line: C:\WINDOWS\system32\HPZipm12.exe c:\program files\common files\mcafee\hackerwatch\hwapi.exe Script: Quarantine, Delete, BC delete, Terminate 1952 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 528.10 kb, rsAh, created: 12/7/2007 2:14:26 AM, modified: 2/13/2007 12:09:12 PM Command line: "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" c:\program files\java\jre1.6.0_03\bin\jusched.exe Script: Quarantine, Delete, BC delete, Terminate 2656 Java Platform SE binary Copyright © 2004 ?? 129.39 kb, rsAh, created: 12/22/2007 10:23:15 AM, modified: 9/25/2007 1:11:35 AM Command line: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate 848 LSA Shell (Export Version) © Microsoft Corporation. All rights reserved. ?? 13.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\lsass.exe c:\progra~1\mcafee.com\agent\mcagent.exe Script: Quarantine, Delete, BC delete, Terminate 1476 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 553.59 kb, rsAh, created: 12/7/2007 2:13:56 AM, modified: 1/5/2007 4:21:16 PM Command line: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding c:\progra~1\mcafee\msc\mcmscsvc.exe Script: Quarantine, Delete, BC delete, Terminate 2028 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 353.09 kb, rsAh, created: 12/7/2007 2:13:51 AM, modified: 1/5/2007 4:22:12 PM Command line: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate 124 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 2161.54 kb, rsAh, created: 12/7/2007 2:14:06 AM, modified: 3/9/2007 4:36:10 AM Command line: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" c:\progra~1\mcafee\viruss~1\mcods.exe Script: Quarantine, Delete, BC delete, Terminate 188 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 353.58 kb, rsAh, created: 12/7/2007 2:15:09 AM, modified: 1/16/2007 6:03:36 PM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\progra~1\mcafee\msc\mcpromgr.exe Script: Quarantine, Delete, BC delete, Terminate 204 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 481.59 kb, rsAh, created: 12/7/2007 2:13:53 AM, modified: 1/5/2007 4:21:40 PM Command line: C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete, Terminate 228 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 345.09 kb, rsAh, created: 12/7/2007 2:15:51 AM, modified: 4/12/2007 9:33:42 AM Command line: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\mcafee\viruss~1\mcshield.exe Script: Quarantine, Delete, BC delete, Terminate 408 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 141.56 kb, rsAh, created: 12/7/2007 2:14:35 AM, modified: 6/25/2007 10:56:42 AM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe c:\progra~1\mcafee\viruss~1\mcsysmon.exe Script: Quarantine, Delete, BC delete, Terminate 492 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 628.58 kb, rsAh, created: 12/7/2007 2:14:39 AM, modified: 1/25/2007 4:01:58 PM Command line: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\program files\mcafee\mpf\mpfsrv.exe Script: Quarantine, Delete, BC delete, Terminate 620 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 821.54 kb, rsAh, created: 12/7/2007 2:15:27 AM, modified: 6/19/2007 8:55:24 AM Command line: "C:\Program Files\McAfee\MPF\MPFSrv.exe" c:\progra~1\mcafee\mps\mps.exe Script: Quarantine, Delete, BC delete, Terminate 2312 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 885.54 kb, rsAh, created: 12/7/2007 2:15:56 AM, modified: 4/18/2007 2:08:06 PM Command line: C:\PROGRA~1\McAfee\MPS\mps.exe c:\program files\mcafee\mps\mpsevh.exe Script: Quarantine, Delete, BC delete, Terminate 3500 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 297.54 kb, rsAh, created: 12/7/2007 2:16:01 AM, modified: 4/18/2007 2:08:10 PM Command line: "C:\Program Files\McAfee\MPS\mpsevh.exe" -Embedding c:\windows\system32\nvsvc32.exe Script: Quarantine, Delete, BC delete, Terminate 2736 NVIDIA Driver Helper Service, Version 77.72 © NVIDIA Corporation. All rights reserved. ?? 124.07 kb, rsAh, created: 10/11/2004 4:17:16 AM, modified: 6/15/2005 7:20:00 PM Command line: C:\windows\system32\nvsvc32.exe c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete, Terminate 312 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 250.09 kb, rsAh, created: 12/7/2007 2:14:23 AM, modified: 3/8/2007 3:42:42 PM Command line: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe c:\windows\system32\services.exe Script: Quarantine, Delete, BC delete, Terminate 836 Services and Controller app © Microsoft Corporation. All rights reserved. ?? 105.50 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\services.exe c:\program files\aol 9.0b\shellmon.exe Script: Quarantine, Delete, BC delete, Terminate 3320 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 53.55 kb, rsAh, created: 4/18/2007 1:49:05 AM, modified: 4/18/2007 1:49:05 AM Command line: "C:\Program Files\AOL 9.0b\shellmon.exe" c:\program files\spywarefighter\spfprc.exe Script: Quarantine, Delete, BC delete, Terminate 2936 SpywareFighter SpamFighter APS. All rights reserved. ?? 400.90 kb, rsAh, created: 6/8/2007 11:52:14 AM, modified: 6/8/2007 11:52:14 AM Command line: "C:\Program Files\SPYWAREfighter\spfprc.exe" c:\program files\spywarefighter\spftray.exe Script: Quarantine, Delete, BC delete, Terminate 2632 Spywarefighter Tray ?? 112.90 kb, rsAh, created: 6/8/2007 11:52:18 AM, modified: 6/8/2007 11:52:18 AM Command line: "C:\Program Files\SPYWAREfighter\spftray.exe" c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate 1680 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 56.50 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 6/10/2005 6:53:32 PM Command line: C:\windows\system32\spoolsv.exe c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 3000 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\svchost.exe -k imgsvc c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1076 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\svchost -k rpcss c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1112 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\System32\svchost.exe -k netsvcs c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1912 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\System32\svchost.exe -k HTTPFilter c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1160 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\svchost.exe -k NetworkService c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1304 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\svchost.exe -k LocalService c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1000 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: C:\windows\system32\svchost -k DcomLaunch c:\program files\aol 9.0b\waol.exe Script: Quarantine, Delete, BC delete, Terminate 1436 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 38.55 kb, rsAh, created: 4/18/2007 1:49:07 AM, modified: 4/18/2007 1:49:07 AM Command line: -Brestart c:\windows\system32\winlogon.exe Script: Quarantine, Delete, BC delete, Terminate 792 Windows NT Logon Application © Microsoft Corporation. All rights reserved. ?? 490.50 kb, rsAh, created: 8/4/2004 7:00:00 AM, modified: 8/4/2004 7:00:00 AM Command line: winlogon.exe c:\windows\system32\wbem\wmiprvse.exe Script: Quarantine, Delete, BC delete, Terminate 1036 WMI © Microsoft Corporation. All rights reserved. ?? 213.00 kb, rsAh, created: 6/14/2005 7:31:40 PM, modified: 8/4/2004 7:00:00 AM Command line: C:\WINDOWS\system32\wbem\wmiprvse.exe-Embedding c:\program files\windows media player\wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate 3444 Windows Media Player Network Sharing Service © Microsoft Corporation. All rights reserved. ?? 892.00 kb, rsah, created: 10/18/2006 7:05:24 PM, modified: 10/18/2006 7:05:24 PM Command line: "C:\Program Files\Windows Media Player\WMPNetwk.exe" c:\program files\windows media player\wmpnscfg.exe Script: Quarantine, Delete, BC delete, Terminate 2676 Windows Media Player Network Sharing Service Configuration Application © Microsoft Corporation. All rights reserved. ?? 199.50 kb, rsah, created: 10/18/2006 7:05:26 PM, modified: 10/18/2006 7:05:26 PM Command line: "C:\Program Files\Windows Media Player\WMPNSCFG.exe" Detected:47, recognized as trusted 24 Module name Handle Description Copyright MD5 Used by processes C:\Program Files\AOL 9.0b\acfBase.DLL Script: Quarantine, Delete, BC delete 1864368128 acf Module Copyright 2001 -- 1436 C:\Program Files\AOL 9.0b\APPDATA.dll Script: Quarantine, Delete, BC delete 1666973696 AppData Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\comm.dll Script: Quarantine, Delete, BC delete 1610612736 Comm Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\COOLAPI.dll Script: Quarantine, Delete, BC delete 1663041536 Cool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\coolcore46.dll Script: Quarantine, Delete, BC delete 1074790400 COOL Core Component Library Copyright 1998-2007 AOL LLC -- 1436 C:\Program Files\AOL 9.0b\idleproc.dll Script: Quarantine, Delete, BC delete 1743781888 IDLEPROC DLL Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\manager.dll Script: Quarantine, Delete, BC delete 1729626112 Display Manager Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\ProxyMgr.dll Script: Quarantine, Delete, BC delete 1621098496 ProxyMgr DLL Copyright ¬ 1999 - 2003 -- 1436 C:\Program Files\AOL 9.0b\resource.dll Script: Quarantine, Delete, BC delete 1664090112 RESOURCE Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\shellmon.exe Script: Quarantine, Delete, BC delete 4194304 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 3320 C:\Program Files\AOL 9.0b\supersub.dll Script: Quarantine, Delete, BC delete 1616379904 SuperSub Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\SYNCCORE.dll Script: Quarantine, Delete, BC delete 1645215744 SYNCCORE.DLL Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\actvx.rct Script: Quarantine, Delete, BC delete 1779433472 ActiveX Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\chat.tol Script: Quarantine, Delete, BC delete 1787822080 Chat Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\coretool.rct Script: Quarantine, Delete, BC delete 1342242816 Coretool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\htmlview.tol Script: Quarantine, Delete, BC delete 1777270784 Managed By Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct Script: Quarantine, Delete, BC delete 1806696448 Imfdecode Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\lvi.tol Script: Quarantine, Delete, BC delete 1689255936 LVI Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\mip.tol Script: Quarantine, Delete, BC delete 1732771840 MIP Manager Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\rich.rct Script: Quarantine, Delete, BC delete 1762131968 Rich Text Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\sec.cct Script: Quarantine, Delete, BC delete 1753481216 Security Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\talk.tol Script: Quarantine, Delete, BC delete 1649934336 Talk Tool Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\TOOL\www.tol Script: Quarantine, Delete, BC delete 1757806592 WWW Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\waol.dll Script: Quarantine, Delete, BC delete 5242880 AOL Software Copyright © AOL, LLC 1999 - 2006 -- 1436 C:\Program Files\AOL 9.0b\waol.exe Script: Quarantine, Delete, BC delete 4194304 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 1436 C:\Program Files\AOL 9.0b\xprt5.dll Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 1436 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete 4194304 AOL Copyright © 2007 AOL LLC ?? 3140 C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll Script: Quarantine, Delete, BC delete 1811939328 AOLSvcMgr Copyright © 2007 AOL LLC -- 3140, 1436 c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll Script: Quarantine, Delete, BC delete 1742995456 aolsystrayservice EE Service Copyright © 2006 AOL LLC. All rights reserved. -- 3140 c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll Script: Quarantine, Delete, BC delete 1732837376 clssvc EE Service Copyright © 2007 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll Script: Quarantine, Delete, BC delete 1729495040 Client Metrics Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll Script: Quarantine, Delete, BC delete 1733230592 Notification Service Copyright © 2006 America Online, Inc. -- 3140 c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll Script: Quarantine, Delete, BC delete 268435456 AolIdleMon EE Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll Script: Quarantine, Delete, BC delete 1733492736 os EE Service Copyright © 2006 AOL LLC -- 3140 c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll Script: Quarantine, Delete, BC delete 1735917568 SuiteFramework Service Copyright © 2006 AOL LLC. -- 3140 C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll Script: Quarantine, Delete, BC delete 17301504 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 3140 C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2006 AOL LLC -- 3140, 1436 C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll Script: Quarantine, Delete, BC delete 42008576 AOL Connectivity Service Common Code Copyright © 2001-2006 AOL LLC -- 1436 C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll Script: Quarantine, Delete, BC delete 12517376 AOL Connectivity Service Diagnostics Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll Script: Quarantine, Delete, BC delete 24313856 AOL Connectivity Service Software Update Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll Script: Quarantine, Delete, BC delete 268435456 AOL Connectivity Service Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Script: Quarantine, Delete, BC delete 4194304 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 1812 C:\Program Files\Common Files\AOL\ACS\xpat.dll Script: Quarantine, Delete, BC delete 3407872 AOL Connectivity Service XML Parser Copyright © 2001-2006 AOL LLC -- 1812 C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll Script: Quarantine, Delete, BC delete 1811546112 AOL Diagnostics Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved. -- 1812, 3140, 1436 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe Script: Quarantine, Delete, BC delete 4194304 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 1952 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe Script: Quarantine, Delete, BC delete 4194304 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 2648 C:\Program Files\McAfee\MPF\MPFSrv.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 620 C:\Program Files\McAfee\MPS\mpsevh.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 3500 C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll Script: Quarantine, Delete, BC delete 1715470336 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 C:\Program Files\McAfee\VirusScan\mcscan32.dll Script: Quarantine, Delete, BC delete 301989888 AV Scanning Engine Copyright © 2007 McAfee, Inc. -- 408 C:\Program Files\SPYWAREfighter\engine.dll Script: Quarantine, Delete, BC delete 268435456 scan engine Copyright © 2005 Anti-Malware Development a.s. -- 2936 C:\Program Files\SPYWAREfighter\spfprc.exe Script: Quarantine, Delete, BC delete 4194304 SpywareFighter SpamFighter APS. All rights reserved. ?? 2936 C:\Program Files\SPYWAREfighter\spfrm.dll Script: Quarantine, Delete, BC delete 10158080 SpyWareFighter RS SpamFighter Aps. All rights reserved. -- 2936, 2632 C:\Program Files\SPYWAREfighter\spftray.exe Script: Quarantine, Delete, BC delete 4194304 Spywarefighter Tray ?? 2632 C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll Script: Quarantine, Delete, BC delete 285212672 -- 2936, 2632 C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll Script: Quarantine, Delete, BC delete 343932928 Viewpoint Media Player for Internet Explorer Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll Script: Quarantine, Delete, BC delete 360710144 Viewpoint Media Player Component Manager Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll Script: Quarantine, Delete, BC delete 549453824 Viewpoint Media Player AOLUserShell Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll Script: Quarantine, Delete, BC delete 369098752 Viewpoint Media Player Scene Component Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll Script: Quarantine, Delete, BC delete 385875968 Viewpoint Media Player Rasterizer Component Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll Script: Quarantine, Delete, BC delete 394264576 Viewpoint Media Player SWFView Component Copyright © 2000 Viewpoint Corporation -- 1436 C:\Program Files\Windows Media Player\WMPNetwk.exe Script: Quarantine, Delete, BC delete 16777216 Windows Media Player Network Sharing Service © Microsoft Corporation. All rights reserved. ?? 3444 C:\Program Files\Windows Media Player\WMPNSCFG.exe Script: Quarantine, Delete, BC delete 16777216 Windows Media Player Network Sharing Service Configuration Application © Microsoft Corporation. All rights reserved. ?? 2676 C:\Program Files\Windows Media Player\wmpnssci.dll Script: Quarantine, Delete, BC delete 335413248 Windows Media Player Network Sharing Service Control Interface DLL © Microsoft Corporation. All rights reserved. -- 2676 c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll Script: Quarantine, Delete, BC delete 1654652928 McAfee Core Proxy Stub Copyright © 2006 McAfee, Inc. -- 1952, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 312 c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll Script: Quarantine, Delete, BC delete 1655701504 McAfee Event Broker Copyright © 2006 McAfee, Inc. -- 228, 408, 492, 620, 2312, 312 c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll Script: Quarantine, Delete, BC delete 1667235840 McAfee HackerWatch Proxy Stub © McAfee, Inc. All rights reserved. -- 1952, 492, 620, 312 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 228 c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 124 c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL Script: Quarantine, Delete, BC delete 1801453568 McAfee Network Agent Proxy/Stub Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll Script: Quarantine, Delete, BC delete 1800404992 McAfee Unified Join Copyright © 2006 McAfee, Inc. -- 124 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll Script: Quarantine, Delete, BC delete 1650458624 McAfee Utility DLL Copyright © 2006 McAfee, Inc. -- 124, 204 C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll Script: Quarantine, Delete, BC delete 1652555776 Sqlite3 Database Module Copyright © 2006 McAfee, Inc. -- 2028 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll Script: Quarantine, Delete, BC delete 1644167168 McAfee Redirector Service Proxy Stub Copyright © 2006 McAfee, Inc. -- 228, 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 312 c:\PROGRA~1\mcafee.com\agent\mcagent.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 1476 c:\PROGRA~1\mcafee.com\agent\mcagntps.dll Script: Quarantine, Delete, BC delete 1711276032 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476 c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll Script: Quarantine, Delete, BC delete 1665138688 McAfee Personal Firewall Plus Copyright © 2005 McAfee, Inc. All Rights Reserved. -- 620 C:\PROGRA~1\McAfee\MPS\mps.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 2312 c:\PROGRA~1\mcafee\mps\mpsmisp.dll Script: Quarantine, Delete, BC delete 1681915904 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. -- 3500 c:\PROGRA~1\mcafee\mps\mpsppm.dll Script: Quarantine, Delete, BC delete 1682964480 MPS Proxy Plugin Module Copyright © 2006 McAfee, Inc. -- 228 c:\PROGRA~1\mcafee\mps\mpsps.dll Script: Quarantine, Delete, BC delete 1684013056 McAfee Privacy Service 9.0 Proxy Stub Copyright © 2006 McAfee, Inc. -- 2312, 3500 C:\PROGRA~1\McAfee\MSC\McAltLib.dll Script: Quarantine, Delete, BC delete 1712324608 MISP Alert Library Copyright © 2006 McAfee, Inc. -- 3500 c:\PROGRA~1\mcafee\msc\mccfgpv.dll Script: Quarantine, Delete, BC delete 1714421760 MISP Default Configuration Provider Copyright © 2006 McAfee, Inc. -- 1476 C:\PROGRA~1\McAfee\MSC\Mccobres.dll Script: Quarantine, Delete, BC delete 13107200 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcdbmgr.dll Script: Quarantine, Delete, BC delete 1719664640 McAfee Log Database Manager Copyright © 2006 McAfee, Inc. -- 2028 C:\PROGRA~1\McAfee\MSC\McLocRes.dll Script: Quarantine, Delete, BC delete 1716518912 McAfee Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcmismgr.dll Script: Quarantine, Delete, BC delete 1718616064 McAfee Misc Manager Copyright © 2006 McAfee, Inc. -- 124 c:\PROGRA~1\mcafee\msc\mcmispps.dll Script: Quarantine, Delete, BC delete 1721761792 McAfee MISP Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 408, 492, 620, 3500 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Script: Quarantine, Delete, BC delete 4194304 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 2028 C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll Script: Quarantine, Delete, BC delete 35454976 McAfee NMC Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll Script: Quarantine, Delete, BC delete 35323904 McAfee NMC Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcprv.dll Script: Quarantine, Delete, BC delete 37879808 McAfee NMC Provider Copyright © 2006 McAfee, Inc. -- 204 C:\PROGRA~1\McAfee\MSC\McNmcRes.dll Script: Quarantine, Delete, BC delete 34930688 McAfee NMC Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcsps.dll Script: Quarantine, Delete, BC delete 15794176 McAfee NMC Server Proxy Stub Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll Script: Quarantine, Delete, BC delete 268435456 McAfee NMC Server Copyright © 2006 McAfee, Inc. -- 124 C:\PROGRA~1\McAfee\MSC\McProHlp.dll Script: Quarantine, Delete, BC delete 1725956096 Mc Security Index Copyright © 2006 McAfee, Inc. -- 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 204 c:\PROGRA~1\mcafee\msc\mcprotpv.dll Script: Quarantine, Delete, BC delete 1727004672 MISP Default Protection Provider Copyright © 2006 McAfee, Inc. -- 204 c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll Script: Quarantine, Delete, BC delete 1729101824 MISP Registration Component Copyright © 2006 McAfee, Inc. -- 1476, 124 C:\PROGRA~1\McAfee\MSC\McRes.dll Script: Quarantine, Delete, BC delete 1730150400 McAfee Non-Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500 c:\PROGRA~1\mcafee\msc\mcshllps.dll Script: Quarantine, Delete, BC delete 1731198976 McAfee McShell Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 124, 204 c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll Script: Quarantine, Delete, BC delete 1733296128 McAfee Subscription manager module Copyright © 2006 McAfee, Inc. -- 1476, 124, 204, 408, 492 c:\PROGRA~1\mcafee\msc\mcuicfg.dll Script: Quarantine, Delete, BC delete 1734344704 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476 C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll Script: Quarantine, Delete, BC delete 336068608 File Filter Library Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll Script: Quarantine, Delete, BC delete 336461824 Provides self-protection functionality Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Script: Quarantine, Delete, BC delete 4194304 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 188 C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll Script: Quarantine, Delete, BC delete 1621098496 McAfee Quarantine Library Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Script: Quarantine, Delete, BC delete 4194304 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Script: Quarantine, Delete, BC delete 4194304 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 492 c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll Script: Quarantine, Delete, BC delete 1624244224 McAfee VirusScan Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408, 492 c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll Script: Quarantine, Delete, BC delete 1625292800 McAfee VirusScan Quarantine Interface Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll Script: Quarantine, Delete, BC delete 1862205440 Anti Virus File System Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll Script: Quarantine, Delete, BC delete 1614610432 Buffer Overflow Protection Service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll Script: Quarantine, Delete, BC delete 1713635328 Host Intrusion Detection Link Driver Communication Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll Script: Quarantine, Delete, BC delete 1786970112 System Monitor Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 492 c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll Script: Quarantine, Delete, BC delete 1627389952 McAfee Configuration Object Tool Copyright © 2006 McAfee, Inc. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll Script: Quarantine, Delete, BC delete 1630535680 McAfee VirusScan Log Helper Copyright © 2006 McAfee, Inc. -- 408, 492 C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll Script: Quarantine, Delete, BC delete 337117184 Common Shell - Scanners' interface to the engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll Script: Quarantine, Delete, BC delete 337772544 Common Shell2 - Scanners' interface to the 5000 series engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll Script: Quarantine, Delete, BC delete 1636827136 McAfee VirusScan Announcer Copyright © 2006 McAfee, Inc. -- 408 c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll Script: Quarantine, Delete, BC delete 1637875712 McAfee VirusScan Announcer Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408 C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll Script: Quarantine, Delete, BC delete 336592896 Resources for McShield Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 944, 1436 C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408 C:\windows\Explorer.EXE Script: Quarantine, Delete, BC delete 16777216 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 944 C:\windows\system32\BROWSEUI.dll Script: Quarantine, Delete, BC delete 1979187200 Shell Browser UI Library © Microsoft Corporation. All rights reserved. -- 944 C:\windows\system32\comctl32.dll Script: Quarantine, Delete, BC delete 1560870912 Common Controls Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444 c:\windows\system32\dhcpcsvc.dll Script: Quarantine, Delete, BC delete 1993867264 DHCP Client Service © Microsoft Corporation. All rights reserved. -- 1112 C:\windows\system32\DNSAPI.dll Script: Quarantine, Delete, BC delete 1995571200 DNS Client API DLL © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2628, 1952, 848, 124, 204, 492, 2936, 1680, 1076, 1112, 1160, 1036 C:\windows\system32\Dunzip32.dll Script: Quarantine, Delete, BC delete 805306368 DynaZIP-32 Multi-Threading UnZIP DLL Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved. -- 2312 C:\WINDOWS\system32\Dxtmsft.dll Script: Quarantine, Delete, BC delete 902496256 DirectX Media -- Image DirectX Transforms © Microsoft Corporation. All rights reserved. -- 1436 C:\WINDOWS\system32\Dxtrans.dll Script: Quarantine, Delete, BC delete 1108082688 DirectX Media -- DirectX Transform Core © Microsoft Corporation. All rights reserved. -- 1436 c:\windows\system32\ESENT.dll Script: Quarantine, Delete, BC delete 1617625088 Server Database Storage Engine © Microsoft Corporation. All rights reserved. -- 1112 C:\windows\system32\GDI32.dll Script: Quarantine, Delete, BC delete 2012282880 GDI Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\windows\system32\hpz3l463.dll Script: Quarantine, Delete, BC delete 9895936 LanguageMonitor Copyright © 1999 -- 1680 C:\windows\system32\hpz3l4pi.dll Script: Quarantine, Delete, BC delete 9961472 LanguageMonitor Copyright © 1999 -- 1680 C:\windows\system32\ieframe.dll Script: Quarantine, Delete, BC delete 1122959360 Internet Explorer © Microsoft Corporation. All rights reserved. -- 944, 1436 C:\windows\system32\iertutil.dll Script: Quarantine, Delete, BC delete 1117323264 Run time utility for Internet Explorer © Microsoft Corporation. All rights reserved. -- 1560, 1812, 2616, 2628, 944, 2656, 1476, 124, 204, 620, 1112, 1304, 1436 C:\windows\system32\iphlpapi.dll Script: Quarantine, Delete, BC delete 1993736192 IP Helper API © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2616, 2628, 944, 848, 2028, 124, 188, 620, 2736, 2936, 2632, 1076, 1112, 1160, 1304, 1000, 1436, 792, 3444 C:\windows\system32\jgdw400.dll Script: Quarantine, Delete, BC delete 60620800 JG ART DLL Copyright © 1997 America Online, Inc. -- 1436 C:\windows\system32\jgpl400.dll Script: Quarantine, Delete, BC delete 60555264 JG ART Player DLL ©1996 AOL/Johnson-Grace Company -- 1436 C:\windows\system32\JScript.dll Script: Quarantine, Delete, BC delete 1664614400 Microsoft ® JScript Copyright © Microsoft Corp. 1996-2006, All Rights Reserved -- 944, 1436 C:\windows\system32\kernel32.dll Script: Quarantine, Delete, BC delete 2088763392 Windows NT BASE API Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\windows\system32\LSASRV.dll Script: Quarantine, Delete, BC delete 1970470912 LSA Server DLL © Microsoft Corporation. All rights reserved. -- 848 C:\windows\system32\MFPlat.DLL Script: Quarantine, Delete, BC delete 200212480 Media Foundation Platform DLL © Microsoft Corporation. All rights reserved. -- 3444 C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete 1130168320 Microsoft ® HTML Viewer © Microsoft Corporation. All rights reserved. -- 1436 C:\WINDOWS\system32\mshtmled.dll Script: Quarantine, Delete, BC delete 1119420416 Microsoft® HTML Editing Component © Microsoft Corporation. All rights reserved. -- 1436 C:\windows\system32\msi.dll Script: Quarantine, Delete, BC delete 2099118080 Windows Installer © Microsoft Corporation. All rights reserved. -- 3140, 944, 124, 204, 2312, 3500, 2936, 2632, 1112, 1436, 3444 C:\WINDOWS\system32\msls31.dll Script: Quarantine, Delete, BC delete 1953234944 Microsoft Line Services library file Copyright © Microsoft Corp. 1996-1999 -- 1436 C:\windows\system32\msxml3.dll Script: Quarantine, Delete, BC delete 1956118528 MSXML 3.0 SP9 Copyright © Microsoft Corporation. 1981-2007 -- 1476, 492, 3500, 1436 C:\WINDOWS\system32\MTXCLU.DLL Script: Quarantine, Delete, BC delete 1963917312 MS DTC amd MTS clustering support DLL Copyright © Microsoft Corp. 1995-1998 -- 1112 C:\windows\system32\NETAPI32.dll Script: Quarantine, Delete, BC delete 1535508480 Net Win32 API DLL © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2628, 944, 2648, 1952, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 2936, 1680, 3000, 1112, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\windows\system32\OLEAUT32.dll Script: Quarantine, Delete, BC delete 1997668352 Copyright © Microsoft Corp. 1993-2001. -- 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 312, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\WINDOWS\system32\PortableDeviceTypes.dll Script: Quarantine, Delete, BC delete 278659072 Windows Portable Device (Parameter) Types Component © Microsoft Corporation. All rights reserved. -- 944 C:\windows\System32\rasmans.dll Script: Quarantine, Delete, BC delete 2113077248 Remote Access Connection Manager © Microsoft Corporation. All rights reserved. -- 1112 C:\windows\system32\RPCRT4.dll Script: Quarantine, Delete, BC delete 2011627520 Remote Procedure Call Runtime © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\windows\system32\schannel.dll Script: Quarantine, Delete, BC delete 1988034560 TLS / SSL Security Provider © Microsoft Corporation. All rights reserved. -- 848, 1112 C:\windows\system32\SHDOCVW.dll Script: Quarantine, Delete, BC delete 2004221952 Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. -- 944 C:\windows\system32\SHELL32.dll Script: Quarantine, Delete, BC delete 2090598400 Windows Shell Common Dll © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444 C:\windows\system32\SHLWAPI.dll Script: Quarantine, Delete, BC delete 2012610560 Shell Light-weight Utility Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 c:\windows\system32\shsvcs.dll Script: Quarantine, Delete, BC delete 2003697664 Windows Shell Services Dll © Microsoft Corporation. All rights reserved. -- 1112, 792 C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp463.dll Script: Quarantine, Delete, BC delete 13828096 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680 C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll Script: Quarantine, Delete, BC delete 13959168 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680 C:\windows\system32\sxs.dll Script: Quarantine, Delete, BC delete 1978204160 Fusion 2.5 © Microsoft Corporation. All rights reserved. -- 768, 944, 188, 204, 408, 492, 620, 2312, 3500, 2936, 2632, 1112, 1436, 792, 3444 c:\windows\system32\upnphost.dll Script: Quarantine, Delete, BC delete 1656684544 UPnP Device Host © Microsoft Corporation. All rights reserved. -- 1304 C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete 1120862208 OLE32 Extensions for Win32 © Microsoft Corporation. All rights reserved. -- 944, 204, 620, 1436 C:\windows\system32\USER32.dll Script: Quarantine, Delete, BC delete 2118189056 Windows XP USER API Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 C:\windows\system32\vb script: Quarantine, Delete, BC delete 1932525568 Microsoft ® vb script: Quarantine, Delete, BC delete 1949827072 Microsoft Digest Access © Microsoft Corporation. All rights reserved. -- 848 C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete 1122238464 Web Site Monitor © Microsoft Corporation. All rights reserved. -- 944 c:\windows\system32\webclnt.dll Script: Quarantine, Delete, BC delete 1517158400 Web DAV Service DLL © Microsoft Corporation. All rights reserved. -- 1304 c:\windows\system32\wiaservc.dll Script: Quarantine, Delete, BC delete 1974075392 Still Image Devices Service © Microsoft Corporation. All rights reserved. -- 3000 C:\windows\system32\WININET.dll Script: Quarantine, Delete, BC delete 1119944704 Internet Extensions for Win32 © Microsoft Corporation. All rights reserved. -- 1560, 1812, 2616, 2628, 944, 2656, 1476, 124, 204, 620, 1112, 1304, 1436 C:\windows\system32\winsrv.dll Script: Quarantine, Delete, BC delete 1974861824 Windows Server DLL © Microsoft Corporation. All rights reserved. -- 768 c:\windows\system32\wkssvc.dll Script: Quarantine, Delete, BC delete 1994653696 Workstation Service DLL © Microsoft Corporation. All rights reserved. -- 1112 C:\WINDOWS\system32\wmp.dll Script: Quarantine, Delete, BC delete 311754752 Windows Media Player © Microsoft Corporation. All rights reserved. -- 3444 C:\WINDOWS\system32\wmploc.dll Script: Quarantine, Delete, BC delete 326369280 Windows Media Player Resources © Microsoft Corporation. All rights reserved. -- 3444 C:\windows\system32\wmpmde.dll Script: Quarantine, Delete, BC delete 334692352 WMPMDE DLL © Microsoft Corporation. All rights reserved. -- 3444 C:\WINDOWS\system32\wmpps.dll Script: Quarantine, Delete, BC delete 335740928 Windows Media Player Proxy Stub Dll © Microsoft Corporation. All rights reserved. -- 3444 C:\WINDOWS\system32\WPDShServiceObj.dll Script: Quarantine, Delete, BC delete 373948416 Windows Portable Device Shell Service Object © Microsoft Corporation. All rights reserved. -- 944 C:\windows\system32\wuaueng.dll Script: Quarantine, Delete, BC delete 1342439424 Windows Update Agent © Microsoft Corporation. All rights reserved. -- 1112 C:\WINDOWS\system32\wups2.dll Script: Quarantine, Delete, BC delete 1357250560 Windows Update client proxy stub 2 © Microsoft Corporation. All rights reserved. -- 1112 C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll Script: Quarantine, Delete, BC delete 2084700160 Microsoft® C++ Runtime Library © Microsoft Corporation. All rights reserved. -- 2648 C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll Script: Quarantine, Delete, BC delete 2014511104 Microsoft® C Runtime Library © Microsoft Corporation. All rights reserved. -- 2648 C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll Script: Quarantine, Delete, BC delete 2000486400 User Experience Controls Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676 Modules detected:433, recognized as trusted 247 Kernel space modules Module Base address Size in memory Description Manufacturer C:\windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete F45AB000 018000 (98304) C:\windows\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, BC delete F7B2C000 002000 (8192) C:\windows\system32\Drivers\fltMgr.sys Script: Quarantine, Delete, BC delete F7445000 020000 (131072) Microsoft Filesystem Filter Manager © Microsoft Corporation. All rights reserved. C:\windows\System32\Drivers\HTTP.sys Script: Quarantine, Delete, BC delete BA1D2000 041000 (266240) HTTP Protocol Stack © Microsoft Corporation. All rights reserved. C:\windows\system32\drivers\kmixer.sys Script: Quarantine, Delete, BC delete B7B78000 02B000 (176128) Kernel Mode Audio Mixer © Microsoft Corporation. All rights reserved. C:\windows\system32\drivers\mfeavfk.sys Script: Quarantine, Delete, BC delete BA308000 010000 (65536) Anti-Virus File System Filter Driver Copyright© 1995-2006 McAfee, Inc. All Rights Reserved. C:\windows\system32\drivers\mfebopk.sys Script: Quarantine, Delete, BC delete F78EC000 007000 (28672) Buffer Overflow Protection Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete B9D0C000 029000 (167936) Host Intrusion Detection Link Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\system32\drivers\mfesmfk.sys Script: Quarantine, Delete, BC delete F78DC000 008000 (32768) System Monitor Filter Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. C:\windows\System32\Drivers\Mpfp.sys Script: Quarantine, Delete, BC delete F47DB000 023000 (143360) McAfee Personal Firewall Plus Driver Copyright © 2005 McAfee, Inc. All rights reserved. C:\windows\system32\DRIVERS\mrxsmb.sys Script: Quarantine, Delete, BC delete F462F000 06F000 (454656) Windows NT SMB Minirdr © Microsoft Corporation. All rights reserved. C:\windows\system32\Drivers\Ntfs.sys Script: Quarantine, Delete, BC delete F738F000 08D000 (577536) NT File System Driver © Microsoft Corporation. All rights reserved. C:\windows\system32\ntkrnlpa.exe Script: Quarantine, Delete, BC delete 804D7000 1F6580 (2057600) NT Kernel & System © Microsoft Corporation. All rights reserved. C:\windows\system32\drivers\nvapu.sys Script: Quarantine, Delete, BC delete F6B81000 066000 (417792) NVIDIA® nForce Audio Driver Copyright© 2000-2005 NVIDIA Corporation C:\windows\system32\drivers\nvarm.sys Script: Quarantine, Delete, BC delete F6A6A000 011000 (69632) NVIDIA® nForce APU Resource Manager Copyright© 2000-2005 NVIDIA Corporation C:\windows\system32\drivers\nvax.sys Script: Quarantine, Delete, BC delete F783C000 00E000 (57344) NVIDIA® nForce MCP Audio Enumerator Copyright© 2000-2005 NVIDIA Corporation C:\windows\system32\DRIVERS\NVENETFD.sys Script: Quarantine, Delete, BC delete F777C000 009000 (36864) NVIDIA Networking Function Driver. Copyright © 2001-2003 NVIDIA Corporation C:\windows\system32\drivers\nvmcp.sys Script: Quarantine, Delete, BC delete F6A7B000 0E2000 (925696) NVIDIA® nForce MCP APU Audio Library Copyright© 2000-2005 NVIDIA Corporation C:\windows\system32\DRIVERS\nvnetbus.sys Script: Quarantine, Delete, BC delete F7AB8000 004000 (16384) NVIDIA Networking Bus Driver. Copyright © 2001-2003 NVIDIA Corporation C:\windows\system32\DRIVERS\NVNRM.SYS Script: Quarantine, Delete, BC delete F71A7000 044000 (278528) NVIDIA Network Resource Manager. Copyright © 2001-2003 NVIDIA Corporation C:\windows\system32\DRIVERS\NVSNPU.SYS Script: Quarantine, Delete, BC delete F7174000 033000 (208896) NVIDIA Networking Soft-NPU Driver. Copyright © 2001-2003 NVIDIA Corporation C:\windows\system32\DRIVERS\rdbss.sys Script: Quarantine, Delete, BC delete F46C6000 02B000 (176128) Redirected Drive Buffering SubSystem Driver © Microsoft Corporation. All rights reserved. C:\Program Files\SPYWAREfighter\spyfighter.sys Script: Quarantine, Delete, BC delete F78C4000 005000 (20480) C:\windows\system32\DRIVERS\srv.sys Script: Quarantine, Delete, BC delete BA0B8000 052000 (335872) Server driver © Microsoft Corporation. All rights reserved. C:\windows\system32\DRIVERS\wanatw4.sys Script: Quarantine, Delete, BC delete F7934000 006000 (24576) Wan Miniport (ATW) Copyright © 2001-2002 America Online, Inc. C:\windows\system32\drivers\wdmaud.sys Script: Quarantine, Delete, BC delete B9D83000 015000 (86016) MMSYSTEM Wave/Midi API mapper © Microsoft Corporation. All rights reserved. C:\windows\System32\win32k.sys Script: Quarantine, Delete, BC delete BF800000 1C3000 (1847296) Multi-User Win32 Driver © Microsoft Corporation. All rights reserved. C:\windows\system32\DRIVERS\WniHdd51.sys Script: Quarantine, Delete, BC delete F71EB000 0CE000 (843776) Airgo Networks True MIMO Wireless Adapter Copyright © Airgo Networks, Inc.,2004 Modules detected - 132, recognized as trusted - 104 Services Service Description Status File Group Dependencies AOL ACS Service: Stop, Delete, Disable AOL Connectivity Service Running C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Script: Quarantine, Delete, BC delete McAfee HackerWatch Service Service: Stop, Delete, Disable McAfee HackerWatch Service Running C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe Script: Quarantine, Delete, BC delete RPCSS mcmscsvc Service: Stop, Delete, Disable McAfee Services Running C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe Script: Quarantine, Delete, BC delete McNASvc Service: Stop, Delete, Disable McAfee Network Agent Running c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete RPCSS McODS Service: Stop, Delete, Disable McAfee Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Script: Quarantine, Delete, BC delete mcpromgr Service: Stop, Delete, Disable McAfee Protection Manager Running C:\PROGRA~1\McAfee\MSC\mcpromgr.exe Script: Quarantine, Delete, BC delete McProxy Service: Stop, Delete, Disable McAfee Proxy Service Running c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe Script: Quarantine, Delete, BC delete McRedirector Service: Stop, Delete, Disable McAfee Redirector Service Running c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe Script: Quarantine, Delete, BC delete McShield Service: Stop, Delete, Disable McAfee Real-time Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Script: Quarantine, Delete, BC delete McSysmon Service: Stop, Delete, Disable McAfee SystemGuards Running C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Script: Quarantine, Delete, BC delete MpfService Service: Stop, Delete, Disable McAfee Personal Firewall Service Running C:\Program Files\McAfee\MPF\MPFSrv.exe Script: Quarantine, Delete, BC delete MPS9 Service: Stop, Delete, Disable McAfee Privacy Service Running C:\PROGRA~1\McAfee\MPS\mps.exe Script: Quarantine, Delete, BC delete McProxy SPYWAREfighterRP Service: Stop, Delete, Disable SPYWAREfighterRP Running C:\Program Files\SPYWAREfighter\spfprc.exe Script: Quarantine, Delete, BC delete RPCSS WMPNetworkSvc Service: Stop, Delete, Disable Windows Media Player Network Sharing Service Running C:\Program Files\Windows Media Player\WMPNetwk.exe Script: Quarantine, Delete, BC delete upnphost Adobe LM Service Service: Stop, Delete, Disable Adobe LM Service Not started C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe Script: Quarantine, Delete, BC delete ATI Smart Service: Stop, Delete, Disable ATI Smart Not started C:\WINDOWS\system32\ati2sgag.exe Script: Quarantine, Delete, BC delete Emproxy Service: Stop, Delete, Disable McAfee E-mail Proxy Not started C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe Script: Quarantine, Delete, BC delete iPod Service Service: Stop, Delete, Disable iPod Service Not started iPod Service.sys Script: Quarantine, Delete, BC delete RpcSs mcmispupdmgr Service: Stop, Delete, Disable McAfee Update Manager Not started C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe Script: Quarantine, Delete, BC delete Detected - 102, recognized as trusted - 83 Drivers Service Description Status File Group Dependencies Airgo Driver: Unload, Delete, Disable Wireless-G PCI Adapter with SRX Driver Running C:\windows\system32\DRIVERS\WniHdd51.sys Script: Quarantine, Delete, BC delete NDIS FltMgr Driver: Unload, Delete, Disable FltMgr Running C:\windows\system32\DRIVERS\fltMgr.sys Script: Quarantine, Delete, BC delete FSFilter Infrastructure HTTP Driver: Unload, Delete, Disable HTTP Running C:\windows\system32\Drivers\HTTP.sys Script: Quarantine, Delete, BC delete kmixer Driver: Unload, Delete, Disable Microsoft Kernel Wave Audio Mixer Running C:\windows\system32\drivers\kmixer.sys Script: Quarantine, Delete, BC delete mfeavfk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfeavfk.sys Script: Quarantine, Delete, BC delete mfebopk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfebopk.sys Script: Quarantine, Delete, BC delete mfehidk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete mfesmfk Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfesmfk.sys Script: Quarantine, Delete, BC delete MPFP Driver: Unload, Delete, Disable MPFP Running C:\windows\system32\Drivers\Mpfp.sys Script: Quarantine, Delete, BC delete PNP_TDI TcpIp MRxSmb Driver: Unload, Delete, Disable MRxSmb Running C:\windows\system32\DRIVERS\mrxsmb.sys Script: Quarantine, Delete, BC delete Network Ntfs Driver: Unload, Delete, Disable Ntfs Running C:\windows\system32\Drivers\Ntfs.sys Script: Quarantine, Delete, BC delete File system nvax Driver: Unload, Delete, Disable Service for NVIDIA® nForce Audio Enumerator Running C:\windows\system32\drivers\nvax.sys Script: Quarantine, Delete, BC delete NVENETFD Driver: Unload, Delete, Disable NVIDIA nForce Networking Controller Driver Running C:\windows\system32\DRIVERS\NVENETFD.sys Script: Quarantine, Delete, BC delete NDIS nvnetbus Driver: Unload, Delete, Disable NVIDIA Network Bus Enumerator Running C:\windows\system32\DRIVERS\nvnetbus.sys Script: Quarantine, Delete, BC delete Extended Base nvnforce Driver: Unload, Delete, Disable Service for NVIDIA® nForce Audio Running C:\windows\system32\drivers\nvapu.sys Script: Quarantine, Delete, BC delete Rdbss Driver: Unload, Delete, Disable Rdbss Running C:\windows\system32\DRIVERS\rdbss.sys Script: Quarantine, Delete, BC delete Network SpyFighter Driver: Unload, Delete, Disable SpyFighter Guard Device Running C:\Program Files\SPYWAREfighter\spyfighter.sys Script: Quarantine, Delete, BC delete Srv Driver: Unload, Delete, Disable Srv Running C:\windows\system32\DRIVERS\srv.sys Script: Quarantine, Delete, BC delete Network wanatw Driver: Unload, Delete, Disable WAN Miniport (ATW) Running C:\windows\system32\DRIVERS\wanatw4.sys Script: Quarantine, Delete, BC delete NDIS wdmaud Driver: Unload, Delete, Disable Microsoft WINMM WDM Audio Compatibility Driver Running C:\windows\system32\drivers\wdmaud.sys Script: Quarantine, Delete, BC delete Abiosdsk Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys Script: Quarantine, Delete, BC delete Primary disk abp480n5 Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys Script: Quarantine, Delete, BC delete SCSI miniport adpu160m Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys Script: Quarantine, Delete, BC delete SCSI miniport aec Driver: Unload, Delete, Disable Microsoft Kernel Acoustic Echo Canceller Not started C:\windows\system32\drivers\aec.sys Script: Quarantine, Delete, BC delete Aha154x Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys Script: Quarantine, Delete, BC delete SCSI miniport aic78u2 Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys Script: Quarantine, Delete, BC delete SCSI miniport aic78xx Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys Script: Quarantine, Delete, BC delete SCSI miniport AliIde Driver: Unload, Delete, Disable AliIde Not started AliIde.sys Script: Quarantine, Delete, BC delete System Bus Extender amsint Driver: Unload, Delete, Disable amsint Not started amsint.sys Script: Quarantine, Delete, BC delete SCSI miniport asc Driver: Unload, Delete, Disable asc Not started asc.sys Script: Quarantine, Delete, BC delete SCSI miniport asc3350p Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys Script: Quarantine, Delete, BC delete SCSI miniport asc3550 Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys Script: Quarantine, Delete, BC delete SCSI miniport Atdisk Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys Script: Quarantine, Delete, BC delete Primary disk catchme Driver: Unload, Delete, Disable catchme Not started C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys Script: Quarantine, Delete, BC delete Base cd20xrnt Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys Script: Quarantine, Delete, BC delete SCSI miniport Changer Driver: Unload, Delete, Disable Changer Not started Changer.sys Script: Quarantine, Delete, BC delete Filter CmdIde Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys Script: Quarantine, Delete, BC delete System Bus Extender Cpqarray Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys Script: Quarantine, Delete, BC delete SCSI miniport dac960nt Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys Script: Quarantine, Delete, BC delete SCSI miniport dpti2o Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys Script: Quarantine, Delete, BC delete SCSI miniport FXDRV Driver: Unload, Delete, Disable FXDRV Not started D:\Fxdrv.sys Script: Quarantine, Delete, BC delete hpn Driver: Unload, Delete, Disable hpn Not started hpn.sys Script: Quarantine, Delete, BC delete SCSI miniport i2omgmt Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys Script: Quarantine, Delete, BC delete SCSI Class i2omp Driver: Unload, Delete, Disable i2omp Not started i2omp.sys Script: Quarantine, Delete, BC delete SCSI miniport ini910u Driver: Unload, Delete, Disable ini910u Not started ini910u.sys Script: Quarantine, Delete, BC delete SCSI miniport IntelIde Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys Script: Quarantine, Delete, BC delete System Bus Extender lbrtfdc Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys Script: Quarantine, Delete, BC delete System Bus Extender mferkdk Driver: Unload, Delete, Disable McAfee Inc. Not started C:\windows\system32\drivers\mferkdk.sys Script: Quarantine, Delete, BC delete mraid35x Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys Script: Quarantine, Delete, BC delete SCSI miniport OmniUsb Driver: Unload, Delete, Disable Ideazon USB Zboard Driver Not started C:\windows\system32\DRIVERS\OmniUsb.sys Script: Quarantine, Delete, BC delete Keyboard Port OmniUsbl Driver: Unload, Delete, Disable Ideazon USBl Zboard Driver Not started C:\windows\system32\DRIVERS\OmniUsbl.sys Script: Quarantine, Delete, BC delete Keyboard Port PCIDump Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys Script: Quarantine, Delete, BC delete PCI Configuration PDCOMP Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys Script: Quarantine, Delete, BC delete PDFRAME Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys Script: Quarantine, Delete, BC delete PDRELI Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys Script: Quarantine, Delete, BC delete PDRFRAME Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys Script: Quarantine, Delete, BC delete perc2 Driver: Unload, Delete, Disable perc2 Not started perc2.sys Script: Quarantine, Delete, BC delete SCSI miniport perc2hib Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys Script: Quarantine, Delete, BC delete Filter ql1080 Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys Script: Quarantine, Delete, BC delete SCSI miniport Ql10wnt Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys Script: Quarantine, Delete, BC delete SCSI miniport ql12160 Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys Script: Quarantine, Delete, BC delete SCSI miniport ql1240 Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys Script: Quarantine, Delete, BC delete SCSI miniport ql1280 Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys Script: Quarantine, Delete, BC delete SCSI miniport RDPWD Driver: Unload, Delete, Disable RDPWD Not started C:\windows\system32\Drivers\RDPWD.sys Script: Quarantine, Delete, BC delete Secdrv Driver: Unload, Delete, Disable Secdrv Not started C:\windows\system32\DRIVERS\secdrv.sys Script: Quarantine, Delete, BC delete Simbad Driver: Unload, Delete, Disable Simbad Not started Simbad.sys Script: Quarantine, Delete, BC delete Filter Sparrow Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys Script: Quarantine, Delete, BC delete SCSI miniport splitter Driver: Unload, Delete, Disable Microsoft Kernel Audio Splitter Not started C:\windows\system32\drivers\splitter.sys Script: Quarantine, Delete, BC delete sym_hi Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys Script: Quarantine, Delete, BC delete SCSI miniport sym_u3 Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys Script: Quarantine, Delete, BC delete SCSI miniport symc810 Driver: Unload, Delete, Disable symc810 Not started symc810.sys Script: Quarantine, Delete, BC delete SCSI miniport symc8xx Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys Script: Quarantine, Delete, BC delete SCSI miniport TosIde Driver: Unload, Delete, Disable TosIde Not started TosIde.sys Script: Quarantine, Delete, BC delete System Bus Extender ultra Driver: Unload, Delete, Disable ultra Not started ultra.sys Script: Quarantine, Delete, BC delete SCSI miniport ViaIde Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys Script: Quarantine, Delete, BC delete System Bus Extender WDICA Driver: Unload, Delete, Disable WDICA Not started WDICA.sys Script: Quarantine, Delete, BC delete WudfPf Driver: Unload, Delete, Disable Windows Driver Foundation - User-mode Driver Framework Platform Driver Not started C:\windows\system32\DRIVERS\WudfPf.sys Script: Quarantine, Delete, BC delete base Detected - 190, recognized as trusted - 113 Autoruns File name Status Startup method Description C:\Program Files\AOL 9.0b\AOL.EXE Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AOL Fast Start C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, hpqSRMon C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NVMixerTray C:\Program Files\SPYWAREfighter\spftray.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, spywarefighterguard C:\Program Files\Windows Media Player\WMPNSCFG.exe Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG C:\WINDOWS\system32\WPDShServiceObj.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, WPDShServiceObj C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, WebCheck C:\windows\system32\SHELL32.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, PostBootReminder C:\windows\system32\SHELL32.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, CDBurn C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {438755C2-A8BA-11D1-B96B-00A0C90312E1} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {8C7461EF-2B13-11d2-BE35-3078302C2030} C:\windows\system32\dfrg.msc %c: Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath, C:\windows\system32\iedkcs32.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}, DLLName C:\windows\system32\iedkcs32.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}, DLLName C:\windows\system32\schannel.dll Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Control\SecurityProviders, SecurityProviders C:\windows\system32\shell32.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {AEB6717E-7E19-11d0-97EE-00C04FD91972} appmgmts.dll Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName autocheck autochk *lsdelete Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute Autoruns items detected - 61, recognized as trusted - 43 Internet Explorer extension modules (BHOs, Toolbars ...) File name Type Description Manufacturer CLSID BHO {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Delete C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll Script: Quarantine, Delete, BC delete BHO IntelligentAdvisor © {6548BF73-58FF-71D5-F97D-17C71E323709} Delete c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete BHO VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. {7DB2D5A0-7241-4E79-B68D-6309F01C5231} Delete c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll Script: Quarantine, Delete, BC delete Extension module VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. CmdMapping Delete C:\windows\Network Diagnostic\xpnetdiag.exe Script: Quarantine, Delete, BC delete Extension module Network Diagnostic for Windows XP © Microsoft Corporation. All rights reserved. {e2e2dd38-d088-4134-82b7-f2ba38496583} Delete C:\Program Files\Messenger\MSMSGS.EXE Script: Quarantine, Delete, BC delete Extension module Messenger Copyright © Microsoft Corporation 1997-2003 {FB5F1910-F110-11d2-BB9E-00C04F795683} Delete Elements detected - 9, recognized as trusted - 3 Windows Explorer extension modules File name Destination Description Manufacturer CLSID Display Panning CPL Extension {42071714-76d4-11d1-8b24-00a0c9068ff3} Shell extensions for file compression {764BF0E1-F219-11ce-972D-00AA00A14F56} Encryption Context Menu {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Set Program Access and Defaults Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} C:\WINDOWS\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete Auto Update Property Sheet Extension Automatic Updates Control Panel © Microsoft Corporation. All rights reserved. {5F327514-6C5E-4d60-8F16-D07FA08A78ED} Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Search Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Help and Support Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Help and Support Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Run... Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Internet Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete E-mail Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Fonts Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {D20EA4E1-3957-11d2-A40B-0C5020524152} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Administrative Tools Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {D20EA4E1-3957-11d2-A40B-0C5020524153} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft Internet Toolbar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {5E6AB780-7743-11CF-A12B-00AA004AE837} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Download Status Shell Browser UI Library © Microsoft Corporation. All rights reserved. {22BF0C20-6DA7-11D0-B373-00A0C9034938} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Augmented Shell Folder Shell Browser UI Library © Microsoft Corporation. All rights reserved. {91EA3F8B-C99B-11d0-9815-00C04FD91972} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Augmented Shell Folder 2 Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6413BA2C-B461-11d1-A18A-080036B11A03} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete BandProxy Shell Browser UI Library © Microsoft Corporation. All rights reserved. {F61FFEC1-754F-11d0-80CA-00AA005B4383} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft BrowserBand Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7BA4C742-9E81-11CF-99D3-00AA004AE837} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Search Band Internet Explorer © Microsoft Corporation. All rights reserved. {30D02401-6A81-11d0-8274-00C04FD5AE38} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete In-pane search Shell Browser UI Library © Microsoft Corporation. All rights reserved. {169A0691-8DF9-11d1-A1C4-00C04FD75D13} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Web Search Shell Browser UI Library © Microsoft Corporation. All rights reserved. {07798131-AF23-11d1-9111-00A0C98BA67D} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Registry Tree Options Utility Shell Browser UI Library © Microsoft Corporation. All rights reserved. {AF4F6510-F982-11d0-8595-00AA004CD6D8} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete &Address Shell Browser UI Library © Microsoft Corporation. All rights reserved. {01E04581-4EEE-11d0-BFE9-00AA005B4383} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Address EditBox Shell Browser UI Library © Microsoft Corporation. All rights reserved. {A08C11D2-A228-11d0-825B-00AA005B4383} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft AutoComplete Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2763-6A77-11D0-A535-00C04FD7D062} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete TridentImageExtractor Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7376D660-C583-11d0-A3A5-00C04FD706EC} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete MRU AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6756A641-DE71-11d0-831B-00AA005B4383} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Custom MRU AutoCompleted List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Accessible Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7e653215-fa25-46bd-a339-34a2790f3cb7} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Track Popup Bar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {acf35015-526e-4230-9596-becbe19f0ac9} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft History AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2764-6A77-11D0-A535-00C04FD7D062} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft Shell Folder AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {03C036F1-A186-11D0-824A-00AA005B4383} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Microsoft Multiple AutoComplete List Container Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2765-6A77-11D0-A535-00C04FD7D062} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Shell Band Site Menu Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4E-521C-11D0-B792-00A0C90312E1} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Shell DeskBarApp Shell Browser UI Library © Microsoft Corporation. All rights reserved. {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Shell DeskBar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4C-521C-11D0-B792-00A0C90312E1} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Shell Rebar BandSite Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4D-521C-11D0-B792-00A0C90312E1} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete User Assist Shell Browser UI Library © Microsoft Corporation. All rights reserved. {DD313E04-FEFF-11d1-8ECD-0000F87A470C} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Global Folder Settings Shell Browser UI Library © Microsoft Corporation. All rights reserved. {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Favorites Band Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {EFA24E61-B078-11d0-89E4-00C04FC9E26E} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Shell Automation Inproc Service Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {0A89A860-D7B1-11CE-8350-444553540000} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Shell DocObject Viewer Internet Explorer © Microsoft Corporation. All rights reserved. {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Microsoft Browser Architecture Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete InternetShortcut Internet Explorer © Microsoft Corporation. All rights reserved. {FBF23B40-E3F0-101B-8488-00AA003E56F8} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Microsoft Url History Service Internet Explorer © Microsoft Corporation. All rights reserved. {3C374A40-BAE4-11CF-BF7D-00AA006946EE} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete History Internet Explorer © Microsoft Corporation. All rights reserved. {FF393560-C2A7-11CF-BFF4-444553540000} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Temporary Internet Files Internet Explorer © Microsoft Corporation. All rights reserved. {7BD29E00-76C1-11CF-9DD0-00A0C9034933} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Temporary Internet Files Internet Explorer © Microsoft Corporation. All rights reserved. {7BD29E01-76C1-11CF-9DD0-00A0C9034933} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Microsoft Url Search Hook Internet Explorer © Microsoft Corporation. All rights reserved. {CFBFAE00-17A6-11D0-99CB-00C04FD64497} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete IE4 Suite Splash Screen Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete CDF Extension Copy Hook Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {67EA19A0-CCEF-11d0-8024-00C04FD75D13} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete ISFBand OC Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {131A6951-7F78-11D0-A979-00C04FD705A2} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Search Assistant OC Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {9461b922-3c5a-11d2-bf8b-00c04fb93661} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete The Internet Internet Explorer © Microsoft Corporation. All rights reserved. {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Internet Name Space Internet Explorer © Microsoft Corporation. All rights reserved. {871C5380-42A0-1069-A2EA-08002B30309D} C:\windows\system32\shdocvw.dll Script: Quarantine, Delete, BC delete Explorer Band Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {EFA24E64-B078-11d0-89E4-00C04FC9E26E} C:\WINDOWS\system32\occache.dll Script: Quarantine, Delete, BC delete ActiveX Cache Folder Object Control Viewer © Microsoft Corporation. All rights reserved. {88C6C381-2E85-11D0-94DE-444553540000} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete WebCheck Web Site Monitor © Microsoft Corporation. All rights reserved. {E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete Subscription Mgr Web Site Monitor © Microsoft Corporation. All rights reserved. {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete Subscription Folder Web Site Monitor © Microsoft Corporation. All rights reserved. {F5175861-2688-11d0-9C5E-00AA00A45957} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete WebCheckWebCrawler Web Site Monitor © Microsoft Corporation. All rights reserved. {08165EA0-E946-11CF-9C87-00AA005127ED} C:\windows\system32\webcheck.dll Script: Quarantine, Delete, BC delete WebCheckChannelAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} C:\windows\system32\webcheck.dll Script: Quarantine, Delete, BC delete TrayAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete Code Download Agent Web Site Monitor © Microsoft Corporation. All rights reserved. {7D559C10-9FE9-11d0-93F7-00AA0059CE02} C:\windows\system32\webcheck.dll Script: Quarantine, Delete, BC delete ConnectionAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} C:\windows\system32\webcheck.dll Script: Quarantine, Delete, BC delete PostAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {D8BD2030-6FC9-11D0-864F-00AA006809D9} C:\WINDOWS\system32\webcheck.dll Script: Quarantine, Delete, BC delete WebCheck SyncMgr Handler Web Site Monitor © Microsoft Corporation. All rights reserved. {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153} C:\WINDOWS\system32\extmgr.dll Script: Quarantine, Delete, BC delete Extensions Manager Folder Extensions Manager © Microsoft Corporation. All rights reserved. {692F0339-CBAA-47e6-B5B5-3B84DB604E87} C:\WINDOWS\system32\wmpshell.dll Script: Quarantine, Delete, BC delete Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {8DD448E6-C188-4aed-AF92-44956194EB1F} C:\WINDOWS\system32\wmpshell.dll Script: Quarantine, Delete, BC delete Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} C:\WINDOWS\system32\wmpshell.dll Script: Quarantine, Delete, BC delete Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} C:\windows\system32\browseui.dll Script: Quarantine, Delete, BC delete Shell Search Band Shell Browser UI Library © Microsoft Corporation. All rights reserved. {21569614-B795-46b1-85F4-E737A8DC09AD} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Microsoft BrowserBand Internet Explorer © Microsoft Corporation. All rights reserved. {07C45BB1-4A8C-4642-A1F5-237E7215FF66} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Fade Task Internet Explorer © Microsoft Corporation. All rights reserved. {1C1EDB47-CE22-4bbb-B608-77B48F83C823} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Menu Desk Bar Internet Explorer © Microsoft Corporation. All rights reserved. {205D7A97-F16D-4691-86EF-F3075DCCA57D} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE AutoComplete Internet Explorer © Microsoft Corporation. All rights reserved. {3028902F-6374-48b2-8DC6-9725E775B926} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Navigation Bar Internet Explorer © Microsoft Corporation. All rights reserved. {43886CD5-6529-41c4-A707-7B3C92C05E68} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Menu Site Internet Explorer © Microsoft Corporation. All rights reserved. {44C76ECD-F7FA-411c-9929-1B77BA77F524} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Menu Band Internet Explorer © Microsoft Corporation. All rights reserved. {4B78D326-D922-44f9-AF2A-07805C2A3560} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Microsoft History AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {6038EF75-ABFC-4e59-AB6F-12D397F6568D} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Tracking Shell Menu Internet Explorer © Microsoft Corporation. All rights reserved. {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE IShellFolderBand Internet Explorer © Microsoft Corporation. All rights reserved. {6CF48EF8-44CD-45d2-8832-A16EA016311B} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE BandProxy Internet Explorer © Microsoft Corporation. All rights reserved. {73CFD649-CD48-4fd8-A272-2070EA56526B} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE MRU AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE RSS Feeder Folder Internet Explorer © Microsoft Corporation. All rights reserved. {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Microsoft Shell Folder AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Microsoft Multiple AutoComplete List Container Internet Explorer © Microsoft Corporation. All rights reserved. {B31C5FAE-961F-415b-BAF0-E697A5178B94} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete Microsoft Browser Architecture Internet Explorer © Microsoft Corporation. All rights reserved. {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Shell Rebar BandSite Internet Explorer © Microsoft Corporation. All rights reserved. {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Shell Band Site Menu Internet Explorer © Microsoft Corporation. All rights reserved. {E6EE9AAC-F76B-4947-8260-A9F136138E11} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete &Links Internet Explorer © Microsoft Corporation. All rights reserved. {F2CF5485-4E02-4f68-819C-B92DE9277049} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Registry Tree Options Utility Internet Explorer © Microsoft Corporation. All rights reserved. {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE User Assist Internet Explorer © Microsoft Corporation. All rights reserved. {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} C:\WINDOWS\system32\ieframe.dll Script: Quarantine, Delete, BC delete IE Custom MRU AutoCompleted List Internet Explorer © Microsoft Corporation. All rights reserved. {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} C:\windows\system32\wpdshext.dll Script: Quarantine, Delete, BC delete Portable Devices Portable Devices Shell Extension © Microsoft Corporation. All rights reserved. {35786D3C-B075-49b9-88DD-029876E11C01} C:\windows\system32\wpdshext.dll Script: Quarantine, Delete, BC delete Portable Devices Menu Portable Devices Shell Extension © Microsoft Corporation. All rights reserved. {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} C:\windows\system32\Audiodev.dll Script: Quarantine, Delete, BC delete Portable Media Devices Portable Media Devices Shell Extension Copyright © Microsoft Corporation. All rights reserved. {640167b4-59b0-47a6-b335-a6b3c0695aea} C:\WINDOWS\system32\mscoree.dll Script: Quarantine, Delete, BC delete Fusion Cache Microsoft .NET Runtime Execution Engine © Microsoft Corporation. All rights reserved. {1D2680C9-0E2A-469d-B787-065558BC7D43} Elements detected - 204, recognized as trusted - 102 Print system extensions (print monitors, providers) File name Type Name Description Manufacturer C:\windows\system32\hpz3l463.dll Script: Quarantine, Delete, BC delete Monitor PCL hpz3l463 LanguageMonitor Copyright © 1999 C:\windows\system32\hpz3l4pi.dll Script: Quarantine, Delete, BC delete Monitor PCL hpz3l4pi LanguageMonitor Copyright © 1999 Elements detected - 9, recognized as trusted - 7 Task Scheduler jobs File name Job name Job status Description Manufacturer c:\PROGRA~1\mcafee\mqc\QcConsol.exe Script: Quarantine, Delete, BC delete McDefragTask.job The task is ready to run at its next scheduled time. QuickClean Console Application Copyright © 2006 McAfee, Inc. c:\PROGRA~1\mcafee\mqc\QcConsol.exe Script: Quarantine, Delete, BC delete McQcTask.job The task has not yet run. QuickClean Console Application Copyright © 2006 McAfee, Inc. C:\Program Files\RegCure\RegCure.exe Script: Quarantine, Delete, BC delete RegCure Program Check.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006 C:\Program Files\RegCure\RegCure.exe Script: Quarantine, Delete, BC delete RegCure.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006 C:\Program Files\SpywareBot\SpywareBot.exe Script: Quarantine, Delete, BC delete SpywareBot Scheduled Scan.job The task has not yet run. Elements detected - 5, recognized as trusted - 0 SPI/LSP settings Namespace providers (NSP) Manufacturer Status Exe file Description GUID Detected - 3, recognized as trusted - 3 Transport protocol providers (TSP, LSP) Manufacturer Exe file Description Detected - 21, recognized as trusted - 21 Automatic SPI settings check results LSP settings checked. No errors detected TCP/UDP ports Port Status Remote Host Remote Port Application Notes TCP ports 135 LISTENING 0.0.0.0 22715 [1076] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 139 LISTENING 0.0.0.0 26854 [4] System Script: Quarantine, Delete, BC delete, Terminate 445 LISTENING 0.0.0.0 38948 [4] System Script: Quarantine, Delete, BC delete, Terminate 1033 LISTENING 0.0.0.0 2112 [2932] c:\windows\system32\alg.exe Script: Quarantine, Delete, BC delete, Terminate 6646 LISTENING 0.0.0.0 14552 [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate UDP ports 123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 137 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 138 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 445 LISTENING -- -- [4] System Script: Quarantine, Delete, BC delete, Terminate 500 LISTENING -- -- [848] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate 1026 LISTENING -- -- [1160] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1056 LISTENING -- -- [1812] c:\program files\common files\aol\acs\aolacsd.exe Script: Quarantine, Delete, BC delete, Terminate 1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate 4500 LISTENING -- -- [848] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate 6646 LISTENING -- -- [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe Script: Quarantine, Delete, BC delete, Terminate Downloaded Program Files (DPF) File name Description Manufacturer CLSID Source URL C:\WINDOWS\Downloaded Program Files\fscax.dll Script: Quarantine, Delete, BC delete fscax module © 2005-2006 F-Secure Corporation. All rights reserved. {0B79F48A-E8D6-11DB-9283-E25056D89593} Delete http://support.f-secure.com/ols/fscax.cab Elements detected - 5, recognized as trusted - 4 Control Panel Applets (CPL) File name Description Manufacturer C:\windows\system32\inetcpl.cpl Script: Quarantine, Delete, BC delete Internet Control Panel © Microsoft Corporation. All rights reserved. C:\windows\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete Automatic Updates Control Panel © Microsoft Corporation. All rights reserved. Elements detected - 25, recognized as trusted - 23 Active Setup File name Description Manufacturer CLSID C:\WINDOWS\system32\ieudinit.exe Script: Quarantine, Delete, BC delete IE Per User Active Setup Uninstall Utility © Microsoft Corporation. All rights reserved. <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} C:\WINDOWS\inf\unregmp2.exe Script: Quarantine, Delete, BC delete Microsoft Windows Media Player Setup Utility © Microsoft Corporation. All rights reserved. >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} C:\WINDOWS\system32\ie4uinit.exe Script: Quarantine, Delete, BC delete IE Per-User Initialization Utility © Microsoft Corporation. All rights reserved. >{26923b43-4d38-484f-9b9e-de460746276c} C:\windows\system32\IEDKCS32.DLL Script: Quarantine, Delete, BC delete IEAK branding © Microsoft Corporation. All rights reserved. >{60B49E34-C7CC-11D0-8953-00A0C90347FF} C:\windows\system32\IEDKCS32.DLL Script: Quarantine, Delete, BC delete IEAK branding © Microsoft Corporation. All rights reserved. >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS C:\windows\system32\advpack.dll Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {44BBA842-CC51-11CF-AAFA-00AA00B6015B} C:\windows\system32\advpack.dll Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {5945c046-1e7d-11d1-bc44-00c04fd912be} C:\windows\system32\advpack.dll Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {6BF52A52-394A-11d3-B153-00C04F79FAA6} C:\WINDOWS\system32\ie4uinit.exe Script: Quarantine, Delete, BC delete IE Per-User Initialization Utility © Microsoft Corporation. All rights reserved. {89820200-ECBD-11cf-8B85-00AA005B4383} Elements detected - 15, recognized as trusted - 6 HOSTS file Hosts file record 127.0.0.1 localhost Protocols and handlers File name Type Description Manufacturer CLSID mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} mscoree.dll Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP Class Install Handler filter) © Microsoft Corporation. All rights reserved. {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP Deflate Encoding/Decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP GZIP Encoding/Decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP lzdhtml encoding/decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311} C:\windows\system32\SHELL32.dll Script: Quarantine, Delete, BC delete Protocol Windows Shell Common Dll (WebView MIME Filter) © Microsoft Corporation. All rights reserved. {733AC4CB-F1A4-11d0-B951-00A0C90312E1} C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F406-98B5-11CF-BB82-00AA00BDCE0B} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (CDL: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {3dd53d40-7b8b-11D0-b013-00aa0059ce02} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e7-baf9-11ce-8c82-00aa004ba90b} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (ftp: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e3-baf9-11ce-8c82-00aa004ba90b} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (gopher: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e4-baf9-11ce-8c82-00aa004ba90b} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (http: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e2-baf9-11ce-8c82-00aa004ba90b} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (https: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e5-baf9-11ce-8c82-00aa004ba90b} C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e7-baf9-11ce-8c82-00aa004ba90b} C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} C:\windows\system32\inetcomm.dll Script: Quarantine, Delete, BC delete Handler Microsoft Internet Messaging API (MHTML Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {05300401-BCBC-11d0-85E3-00C04FD85AB4} C:\windows\system32\urlmon.dll Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (mk: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e6-baf9-11ce-8c82-00aa004ba90b} C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} C:\windows\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {76E67A63-06E9-11D2-A840-006008059382} C:\WINDOWS\system32\mshtml.dll Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} Elements detected - 28, recognized as trusted - 5 Suspicious objects File Description Type C:\windows\system32\drivers\mfehidk.sys Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944) C:\windows\system32\iertutil.dll Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for a Keylogger or Trojan DLL -------------------------------------------------------------------------------- AVZ Antiviral Toolkit log; AVZ version is 4.29 Scanning started at 12/24/2007 10:07:50 PM Database loaded: signatures - 140626, NN profile(s) - 2, microprograms of healing - 55, signature database released 23.12.2007 19:45 Heuristic microprograms loaded: 371 SPV microprograms loaded: 9 Digital signatures of system files loaded: 68055 Heuristic analyzer mode: Maximum heuristics level Healing mode: enabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Recovery: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=07B380) Kernel ntkrnlpa.exe found in memory at address 804D7000 SDT = 80552380 KiST = 805011FC (284) Function NtCreateFile (25) - machine code modification Method of JmpTo. jmp B9D1F7CF\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtCreateKey (29) - machine code modification Method of JmpTo. jmp B9D1F74F\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtCreateProcess (2F) - machine code modification Method of JmpTo. jmp B9D1F7F9\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtDeleteKey (3F) - machine code modification Method of JmpTo. jmp B9D1F763\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtDeleteValueKey (41) - machine code modification Method of JmpTo. jmp B9D1F78F\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtMapViewOfSection (6C) - machine code modification Method of JmpTo. jmp B9D1F823\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtOpenKey (77) - machine code modification Method of JmpTo. jmp B9D1F73B\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtProtectVirtualMemory (89) - machine code modification Method of JmpTo. jmp B9D1F7E3\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtRenameKey (C0) - machine code modification Method of JmpTo. jmp B9D1F779\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtSetValueKey (F7) - machine code modification Method of JmpTo. jmp B9D1F7A5\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtTerminateProcess (101) - machine code modification Method of JmpTo. jmp B9D1F7BB\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtUnmapViewOfSection (10B) - machine code modification Method of JmpTo. jmp B9D1F839\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Function NtYieldExecution (116) - machine code modification Method of JmpTo. jmp B9D1F80D\SystemRoot\system32\drivers\mfehidk.sys >>> Function recovered successfully ! Functions checked: 284, intercepted: 0, restored: 13 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: the extended monitoring driver (AVZPM) is not installed 2. Scanning memory Number of processes found: 46 Analyzer - the process under analysis is 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 1952 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 2028 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 188 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 228 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [ES]:Application has no visible windows Analyzer - the process under analysis is 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 492 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 620 C:\Program Files\McAfee\MPF\MPFSrv.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 1476 c:\PROGRA~1\mcafee.com\agent\mcagent.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 2312 C:\PROGRA~1\McAfee\MPS\mps.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer - the process under analysis is 2632 C:\Program Files\SPYWAREfighter\spftray.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer - the process under analysis is 2648 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer - the process under analysis is 3500 C:\Program Files\McAfee\MPS\mpsevh.exe [ES]:Application has no visible windows Analyzer - the process under analysis is 2936 C:\Program Files\SPYWAREfighter\spfprc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 3140 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer - the process under analysis is 1436 C:\Program Files\AOL 9.0b\waol.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Process c:\program files\aol 9.0b\waol.exe Contains network functionality (comm.dll) Analyzer - the process under analysis is 3320 C:\Program Files\AOL 9.0b\shellmon.exe [ES]:Application has no visible windows Number of modules loaded: 399 Memory checking - complete 3. Scanning disks Direct reading C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe >>> suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944) 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) C:\windows\system32\iertutil.dll --> Suspicion for a Keylogger or Trojan DLL C:\windows\system32\iertutil.dll>>> Behavioral analysis: Behaviour typical for keyloggers not detected Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check Checking complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed TermService (Terminal Services) >> Services: potentially dangerous service allowed SSDPSRV (SSDP Discovery Service) >> Services: potentially dangerous service allowed Schedule (Task Scheduler) >> Services: potentially dangerous service allowed mnmsrvc (NetMeeting Remote Desktop Sharing) >> Services: potentially dangerous service allowed RDSessMgr (Remote Desktop Help Session Manager) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking complete 9. Troubleshooting wizard Checking complete Files scanned: 70165, extracted from archives: 45500, malicious programs found 0, suspicions - 1 Scanning finished at 12/24/2007 10:30:06 PM !!! Attention !!! Recovered 13 KiST functions during Anti-Rootkit operation This may affect execution of several programs, so it is strongly recommended to reboot Time of scanning: 00:22:19 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference Creating archive of files from Quarantine Creating archive of files from Quarantine - complete System Analysis in progress Script commands Add commands to script:Blocking hooks using Anti-RootkitEnable AVZGuardBootCleaner - import list of deleted filesRegistry cleanup after deleting filesBootCleaner - activateRebootInsert template for QuarantineFile() - quarantining fileInsert template for BC_QrFile() - quarantining file via BootCleanerInsert template for DeleteFile() - deleting fileInsert template for DelCLSID() - deleting CLSID item from the registryAdditional operations:Performance tweaking: disable service TermService (Terminal Services)Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)Performance tweaking: disable service Schedule (Task Scheduler)Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)Security tweaking: disable disk drives' autorunSecurity tweaking: disable administrative sharesSecurity tweaking: disable anonymous user accessSecurity: disable sending Remote Assistant queries-------------------------------------------------------------------------------- File list
  3. So sorry to hear that. I'm not sure about the password...I never put on on it but I thinkk this is the files you need. Thank you so much Joy syscheck <?xml version="1.0" encoding="windows-1251" ?> - <!-- AVZ XML Report --> - <AVZ> - <PROCESS> <ITEM PID="1812" File="c:\program files\common files\aol\acs\aolacsd.exe" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\ACS\[email protected];" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" /> <ITEM PID="3140" File="c:\program files\common files\aol\1175982866\ee\aolsoftware.exe" CheckResult="-1" Descr="AOL" LegalCopyright="Copyright © 2007 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\1175982866\ee\[email protected]; /h servicehost.defaultGrp" Size="42032" Attr="rsAh" CreateDate="4/12/2007 4:23:31 PM" ChageDate="4/12/2007 4:23:31 PM" MD5="8C1081F3F99A78597A7CAAA85A3C1FFE" /> <ITEM PID="944" File="c:\windows\explorer.exe" CheckResult="0" Descr="Windows Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\Explorer.EXE" Size="1033216" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/13/2007 5:23:07 AM" MD5="97BD6515465659FF8F3B7BE375B2EA87" /> <ITEM PID="2648" File="c:\program files\hp\digital imaging\bin\hpqsrmon.exe" CheckResult="-1" Descr="HpqSRmon" LegalCopyright="© Hewlett-Packard. All rights reserved." CmdLine="@quot;C:\Program Files\HP\Digital Imaging\bin\[email protected];" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" /> <ITEM PID="1952" File="c:\program files\common files\mcafee\hackerwatch\hwapi.exe" CheckResult="-1" Descr="McAfee HackerWatch Service" LegalCopyright="© McAfee, Inc. All rights reserved." CmdLine="@quot;C:\Program Files\Common Files\McAfee\HackerWatch\[email protected];" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" /> <ITEM PID="1476" File="c:\progra~1\mcafee.com\agent\mcagent.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding" Size="566872" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:16 PM" MD5="4C4F3DE9CF6E0F8B7A4AE639FF981BFF" /> <ITEM PID="2028" File="c:\progra~1\mcafee\msc\mcmscsvc.exe" CheckResult="-1" Descr="MISP User Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" /> <ITEM PID="124" File="c:\progra~1\common~1\mcafee\mna\mcnasvc.exe" CheckResult="-1" Descr="McAfee Network Agent" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;c:\PROGRA~1\COMMON~1\mcafee\mna\[email protected];" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" /> <ITEM PID="188" File="c:\progra~1\mcafee\viruss~1\mcods.exe" CheckResult="-1" Descr="McAfee VirusScan - On Demand Scan" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" /> <ITEM PID="204" File="c:\progra~1\mcafee\msc\mcpromgr.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" /> <ITEM PID="228" File="c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe" CheckResult="-1" Descr="McAfee Proxy Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" /> <ITEM PID="408" File="c:\progra~1\mcafee\viruss~1\mcshield.exe" CheckResult="-1" Descr="On-Access Scanner service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" /> <ITEM PID="492" File="c:\progra~1\mcafee\viruss~1\mcsysmon.exe" CheckResult="-1" Descr="McAfee SystemGuards Service" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" /> <ITEM PID="620" File="c:\program files\mcafee\mpf\mpfsrv.exe" CheckResult="-1" Descr="McAfee Personal Firewall Service" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." CmdLine="@quot;C:\Program Files\McAfee\MPF\[email protected];" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" /> <ITEM PID="2312" File="c:\progra~1\mcafee\mps\mps.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MPS\mps.exe" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" /> <ITEM PID="3500" File="c:\program files\mcafee\mps\mpsevh.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Event Handler" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;C:\Program Files\McAfee\MPS\[email protected]; -Embedding" Size="304680" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:08:10 PM" MD5="6510D5303CC0D1CF1908B8BD21063420" /> <ITEM PID="312" File="c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe" CheckResult="-1" Descr="McAfee Redirector Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" /> <ITEM PID="3320" File="c:\program files\aol 9.0b\shellmon.exe" CheckResult="-1" Descr="waolmon" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="@quot;C:\Program Files\AOL 9.0b\[email protected];" Size="54832" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="1E859A926D7896F51BB5E1E3055D4C8F" /> <ITEM PID="2936" File="c:\program files\spywarefighter\spfprc.exe" CheckResult="-1" Descr="SpywareFighter" LegalCopyright="SpamFighter APS. All rights reserved." CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" /> <ITEM PID="2632" File="c:\program files\spywarefighter\spftray.exe" CheckResult="-1" Descr="Spywarefighter Tray" LegalCopyright="" CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" /> <ITEM PID="1680" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Spooler SubSystem App" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\spoolsv.exe" Size="57856" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/10/2005 6:53:32 PM" MD5="DA81EC57ACD4CDC3D4C51CF3D409AF9F" /> <ITEM PID="1436" File="c:\program files\aol 9.0b\waol.exe" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="-Brestart" Size="39472" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="DCF06AFB01E890FE4D89FA09D64524ED" /> </PROCESS> - <DLL> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="1263152" Attr="RsAh" CreateDate="4/13/2007 12:29:27 PM" ChageDate="4/13/2007 12:29:27 PM" MD5="B1081E9380ACEEF7B9C5F928261EC569" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\xpat.dll" CheckResult="-1" Descr="AOL Connectivity Service XML Parser" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="124464" Attr="RsAh" CreateDate="4/13/2007 12:29:50 PM" ChageDate="4/13/2007 12:29:50 PM" MD5="C64B23D10FAFE5BFABD89C53EBDB270E" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll" CheckResult="-1" Descr="AOL Connectivity Service Diagnostics" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="87600" Attr="RsAh" CreateDate="4/13/2007 12:29:25 PM" ChageDate="4/13/2007 12:29:25 PM" MD5="6181BD3B38F360B53D76C0802FE842C3" /> <ITEM File="C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll" CheckResult="-1" Descr="AOL Diagnostics" LegalCopyright="Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved." UsedBy="1812,3140,1436" Hidden="-1" Size="106496" Attr="rsAh" CreateDate="8/11/2006 4:38:55 PM" ChageDate="3/8/2007 8:39:52 PM" MD5="15B9CC21717F3CD0F660AF315521E3C0" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll" CheckResult="-1" Descr="AOL Connectivity Service Common Code" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812,1436" Hidden="-1" Size="206384" Attr="RsAh" CreateDate="4/13/2007 12:29:36 PM" ChageDate="4/13/2007 12:29:36 PM" MD5="E3C1E0E02EBF63BAF138EC42CE39BA7C" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll" CheckResult="-1" Descr="AOL Connectivity Service Software Update" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="235056" Attr="RsAh" CreateDate="4/13/2007 12:29:16 PM" ChageDate="4/13/2007 12:29:16 PM" MD5="24B23C8E8C69A158B09B3C4690B5750B" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll" CheckResult="-1" Descr="AOLSvcMgr" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="595456" Attr="rsAh" CreateDate="9/25/2006 7:51:46 PM" ChageDate="4/12/2007 4:22:49 PM" MD5="AC55822CD0156228032052BD9A945D61" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2006 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="241664" Attr="rsAh" CreateDate="8/4/2006 12:03:52 PM" ChageDate="8/4/2006 12:03:52 PM" MD5="B6EB80232F24EC02CE75B23A66ED88C2" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll" CheckResult="-1" Descr="os EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="180736" Attr="rsAh" CreateDate="9/21/2006 10:19:02 AM" ChageDate="9/21/2006 10:19:02 AM" MD5="483302397A9A1334FB9D44DD16638898" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="3/12/2007 2:12:31 PM" ChageDate="3/12/2007 2:12:31 PM" MD5="01D280B0DFB2A0580F72AAD3BD2EF15D" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll" CheckResult="-1" Descr="AolIdleMon EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="5632" Attr="rsAh" CreateDate="9/21/2006 10:18:49 AM" ChageDate="9/21/2006 10:18:49 AM" MD5="1337EF044854F38B9DFD085E56EBC3A2" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll" CheckResult="-1" Descr="Notification Service" LegalCopyright="Copyright © 2006 America Online, Inc." UsedBy="3140" Hidden="-1" Size="145920" Attr="rsAh" CreateDate="8/1/2006 4:26:55 PM" ChageDate="8/1/2006 4:26:55 PM" MD5="DA8CFF2E849BB7C09BF4A6E170615E35" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll" CheckResult="-1" Descr="clssvc EE Service" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="334848" Attr="rsAh" CreateDate="4/24/2007 6:40:14 PM" ChageDate="4/24/2007 6:40:14 PM" MD5="8AA0F6018B3B52DBE74CE77A9A7E85AA" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll" CheckResult="-1" Descr="Client Metrics Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="262144" Attr="rsAh" CreateDate="9/11/2006 10:38:51 AM" ChageDate="9/11/2006 10:38:51 AM" MD5="7204F76E069854A2785796A0911AFB27" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll" CheckResult="-1" Descr="aolsystrayservice EE Service" LegalCopyright="Copyright © 2006 AOL LLC. All rights reserved." UsedBy="3140" Hidden="-1" Size="180224" Attr="rsAh" CreateDate="10/13/2006 9:31:46 AM" ChageDate="10/13/2006 9:31:46 AM" MD5="2856C172401B665FB7451B4B4CC5D657" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll" CheckResult="-1" Descr="SuiteFramework Service" LegalCopyright="Copyright © 2006 AOL LLC." UsedBy="3140" Hidden="-1" Size="292864" Attr="rsAh" CreateDate="10/18/2006 4:06:14 PM" ChageDate="10/18/2006 4:06:14 PM" MD5="4A9476E8EF7051BCF06D33A746339E9C" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="944,1436" Hidden="-1" Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll" CheckResult="-1" Descr="Microsoft® C++ Runtime Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2648" Hidden="-1" Size="548864" Attr="rsAh" CreateDate="8/22/2007 4:34:26 PM" ChageDate="8/22/2007 4:34:26 PM" MD5="392FADBA4883243C97A56075FA86882D" /> <ITEM File="C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll" CheckResult="-1" Descr="Microsoft® C Runtime Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2648" Hidden="-1" Size="626688" Attr="rsAh" CreateDate="8/22/2007 4:34:26 PM" ChageDate="8/22/2007 4:34:26 PM" MD5="F39FAF4C1A7C832946DFF4313FFA4572" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll" CheckResult="-1" Descr="McAfee Core Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1952,1476,2028,124,204,408,492,620,2312,3500,312" Hidden="-1" Size="84064" Attr="rsAh" CreateDate="12/7/2007 2:13:39 AM" ChageDate="1/5/2007 2:50:04 PM" MD5="" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll" CheckResult="-1" Descr="McAfee HackerWatch Proxy Stub" LegalCopyright="© McAfee, Inc. All rights reserved." UsedBy="1952,492,620,312" Hidden="-1" Size="54376" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:14 PM" MD5="314CBFBC64F78F8EB8CFB7B50C387A0B" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McRes.dll" CheckResult="-1" Descr="McAfee Non-Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="80984" Attr="rsAh" CreateDate="12/7/2007 2:13:45 AM" ChageDate="1/5/2007 4:21:48 PM" MD5="D970BE54162487D495B36EF5006ED3B9" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McLocRes.dll" CheckResult="-1" Descr="McAfee Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="58920" Attr="rsAh" CreateDate="12/7/2007 2:13:45 AM" ChageDate="4/16/2007 11:28:18 AM" MD5="BC986FD58A63384BC3897A71CB1E9ED9" /> <ITEM File="C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll" CheckResult="-1" Descr="McAfee Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="558400" Attr="rsah" CreateDate="12/7/2007 2:14:13 AM" ChageDate="8/17/2007 2:31:14 PM" MD5="57143713AD6E5C1C135739925B2088CC" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\Mccobres.dll" CheckResult="-1" Descr="McAfee Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="558632" Attr="rsAh" CreateDate="12/7/2007 2:13:44 AM" ChageDate="4/16/2007 11:29:18 AM" MD5="24CB52C210224430E3DAAB8ED1918AD0" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll" CheckResult="-1" Descr="McAfee Subscription manager module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,124,204,492" Hidden="-1" Size="480856" Attr="rsAh" CreateDate="3/7/2007 4:01:10 PM" ChageDate="3/7/2007 4:01:10 PM" MD5="860424B66E83F6ECA9E6A0663F788095" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll" CheckResult="-1" Descr="MISP Registration Component" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,124" Hidden="-1" Size="290392" Attr="rsAh" CreateDate="1/5/2007 4:21:46 PM" ChageDate="1/5/2007 4:21:46 PM" MD5="F4393AB71EFA25568A1E07C2AB3B7CF7" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcmispps.dll" CheckResult="-1" Descr="McAfee MISP Proxy Stub DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,408,492,620,3500" Hidden="-1" Size="66648" Attr="rsAh" CreateDate="12/7/2007 2:13:42 AM" ChageDate="1/5/2007 4:21:30 PM" MD5="A95DC5F7A4D0FC94E0DAA86A2C82AAC2" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mccfgpv.dll" CheckResult="-1" Descr="MISP Default Configuration Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="397912" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:21:22 PM" MD5="1CA04CB62607C6C7ADC50E6ED7CBC1D2" /> <ITEM File="c:\PROGRA~1\mcafee.com\agent\mcagntps.dll" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="67160" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:18 PM" MD5="B99DB2A48AEBFD9B8E49DDCB7991C2DA" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcuicfg.dll" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="116312" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:58 PM" MD5="DFB3C949D6C2A7E67AA18063D31A0CD9" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll" CheckResult="-1" Descr="Sqlite3 Database Module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2028" Hidden="-1" Size="374384" Attr="rsAh" CreateDate="12/7/2007 2:13:41 AM" ChageDate="1/8/2007 1:46:28 PM" MD5="F01A387CF3051431A5BA0FB25118BC92" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcdbmgr.dll" CheckResult="-1" Descr="McAfee Log Database Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2028" Hidden="-1" Size="253528" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:21:24 PM" MD5="8446C6000BD0B981BC4B6BBF09A1DD6B" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll" CheckResult="-1" Descr="McAfee Utility DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="110704" Attr="rsAh" CreateDate="12/7/2007 2:13:41 AM" ChageDate="1/8/2007 1:46:18 PM" MD5="63A184C25C12D6922B4A00D286CF3DE9" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll" CheckResult="-1" Descr="McAfee NMC Server" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="894504" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:52 PM" MD5="3FC22BA888356B0ACDB7E1D6FC0F002C" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcshllps.dll" CheckResult="-1" Descr="McAfee McShell Proxy Stub DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="87640" Attr="rsAh" CreateDate="12/7/2007 2:13:43 AM" ChageDate="1/5/2007 4:21:52 PM" MD5="B811AAC93D5BD5DCA6CCB0251ED59586" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL" CheckResult="-1" Descr="McAfee Network Agent Proxy/Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="83496" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:12 AM" MD5="975F9F1EAFB8566A51D696E61D7845EA" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcsps.dll" CheckResult="-1" Descr="McAfee NMC Server Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="67112" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:50 PM" MD5="935873C869BE551ABE18C4C1C5A12520" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcmismgr.dll" CheckResult="-1" Descr="McAfee Misc Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="394840" Attr="rsAh" CreateDate="12/7/2007 2:13:46 AM" ChageDate="1/5/2007 4:21:34 PM" MD5="CC6A41FF46C4EFC8F2EBD433FA47F91F" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll" CheckResult="-1" Descr="McAfee Unified Join" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="333352" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:14 AM" MD5="4129F3D399370271074463D15AAB4565" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcRes.dll" CheckResult="-1" Descr="McAfee NMC Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="333352" Attr="rsAh" CreateDate="12/7/2007 2:14:11 AM" ChageDate="3/6/2007 6:26:48 PM" MD5="1E55194336D7639EBEB95E75AEDDB218" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll" CheckResult="-1" Descr="McAfee NMC Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="14376" Attr="rsAh" CreateDate="12/7/2007 2:14:11 AM" ChageDate="3/6/2007 6:33:36 PM" MD5="2D297D63417EF342BE55E99F6F935CE2" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll" CheckResult="-1" Descr="McAfee NMC Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="13352" Attr="rsAh" CreateDate="12/7/2007 2:14:12 AM" ChageDate="3/6/2007 6:33:56 PM" MD5="F9733A366B95C5387A6EFB6DE1354A61" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcprotpv.dll" CheckResult="-1" Descr="MISP Default Protection Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="317016" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:42 PM" MD5="CE0150BC423490294E40697B0F47E3AD" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcprv.dll" CheckResult="-1" Descr="McAfee NMC Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="349736" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:46 PM" MD5="DE16DB48B1B925C8B75B386576EDB606" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McProHlp.dll" CheckResult="-1" Descr="Mc Security Index" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="231000" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="FE763F9B4DF58577DA50409BF837F3E3" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsppm.dll" CheckResult="-1" Descr="MPS Proxy Plugin Module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228" Hidden="-1" Size="207912" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:07:46 PM" MD5="12F30D8D6D2300F7F42B9B9B752FFBA2" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll" CheckResult="-1" Descr="McAfee Event Broker" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228,408,492,620,2312,312" Hidden="-1" Size="267856" Attr="rsAh" CreateDate="12/7/2007 2:13:39 AM" ChageDate="1/5/2007 2:50:04 PM" MD5="5F2A40A32C06BD4AD4450121ADB95AD7" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll" CheckResult="-1" Descr="McAfee Redirector Service Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228,312" Hidden="-1" Size="76896" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:36 PM" MD5="F2C5BB8DC685D31C1895BD74BE2F5FA3" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll" CheckResult="-1" Descr="Provides self-protection functionality" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="25152" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:40 AM" MD5="A5BFECDD6127A276A9B24A1007C34800" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll" CheckResult="-1" Descr="Common Shell - [email protected]; interface to the engine" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="132672" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:30 AM" MD5="E7E7C5E2253A741EF7269C5F21D73BB4" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll" CheckResult="-1" Descr="Common Shell2 - [email protected]; interface to the 5000 series engine" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="226880" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:30 AM" MD5="13515CB8D6602D3433537104D6055A52" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll" CheckResult="-1" Descr="Resources for McShield" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="24664" Attr="rsAh" CreateDate="12/7/2007 2:14:36 AM" ChageDate="6/25/2007 10:55:10 AM" MD5="3A384EBBAEE0151233C02FCE02A7CEE1" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll" CheckResult="-1" Descr="File Filter Library" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="41024" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:56:58 AM" MD5="181D9F8B63960DA647B4B9A9B3EEB985" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll" CheckResult="-1" Descr="McAfee VirusScan Announcer" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="321104" Attr="rsAh" CreateDate="12/7/2007 2:14:38 AM" ChageDate="1/16/2007 2:06:14 PM" MD5="5BE90201048153C3975C7C4339199514" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll" CheckResult="-1" Descr="McAfee VirusScan Proxy Stub dll" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="169552" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:10 PM" MD5="" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll" CheckResult="-1" Descr="McAfee VirusScan Announcer Proxy Stub dll" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="24656" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:16 PM" MD5="792480860CB2ABF6AB643CBE0CE4BBBD" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll" CheckResult="-1" Descr="McAfee Configuration Object Tool" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="296528" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="4/18/2007 8:26:08 AM" MD5="F496CA7746E0CE9266900B1632B4E29E" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll" CheckResult="-1" Descr="McAfee VirusScan Quarantine Interface" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="185936" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:05:42 PM" MD5="2217F3EBE3A041C423DC9DB840A0DB80" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll" CheckResult="-1" Descr="McAfee Quarantine Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="194128" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:08 PM" MD5="7B34ACE0CFCC7346E31E300CB4C00ED5" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll" CheckResult="-1" Descr="McAfee VirusScan Log Helper" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="276048" Attr="rsAh" CreateDate="12/7/2007 2:15:12 AM" ChageDate="1/16/2007 6:03:50 PM" MD5="C3E3DD3D79807127A52C5625CE10BC76" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll" CheckResult="-1" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="17984" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:46 AM" MD5="2369DAE0A438B9BEC65871420D53CF86" /> <ITEM File="C:\Program Files\McAfee\VirusScan\mcscan32.dll" CheckResult="-1" Descr="AV Scanning Engine" LegalCopyright="Copyright © 2007 McAfee, Inc." UsedBy="408" Hidden="-1" Size="2724006" Attr="RsAh" CreateDate="12/7/2007 2:14:49 AM" ChageDate="7/9/2007 5:20:00 AM" MD5="7D89C620128AC1B1D2BEADAE59C5EDF2" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll" CheckResult="-1" Descr="Buffer Overflow Protection Service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="4711D113468155AC27983BE349408618" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll" CheckResult="-1" Descr="Host Intrusion Detection Link Driver Communication" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408,492" Hidden="-1" Size="19008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:12 AM" MD5="1FC2D830CFA073C55AF2C08CCA8F25B7" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll" CheckResult="-1" Descr="Anti Virus File System Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:04 AM" MD5="EFBC8534AC8BE9F03AF580AE354B998C" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll" CheckResult="-1" Descr="System Monitor Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="492" Hidden="-1" Size="17472" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:26 AM" MD5="2BF1F42442060609DD7E2A8FEFD68141" /> <ITEM File="c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll" CheckResult="-1" Descr="McAfee Personal Firewall Plus" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." UsedBy="620" Hidden="-1" Size="972328" Attr="rsAh" CreateDate="12/7/2007 2:15:35 AM" ChageDate="3/9/2007 4:21:10 PM" MD5="30191EB8EE14AF39ABDC438F33916182" /> <ITEM File="C:\windows\system32\Dunzip32.dll" CheckResult="-1" Descr="DynaZIP-32 Multi-Threading UnZIP DLL" LegalCopyright="Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved." UsedBy="2312" Hidden="-1" Size="143360" Attr="rsAh" CreateDate="12/7/2007 2:15:57 AM" ChageDate="3/3/2006 11:07:02 AM" MD5="C293127E169B0F2F02BB2CBED1057471" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsps.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2312,3500" Hidden="-1" Size="58408" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:12 PM" MD5="E43DA3F7CF8BB44A360F2A66026E542B" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McAltLib.dll" CheckResult="-1" Descr="MISP Alert Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="288344" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:22:06 PM" MD5="B8D3D1737DC48D9B08B408F53F2B5E8E" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsmisp.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="415784" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:07:42 PM" MD5="F165CF0FABCBE256F5885AE4BC1C6BB5" /> <ITEM File="C:\Program Files\SPYWAREfighter\engine.dll" CheckResult="-1" Descr="scan engine" LegalCopyright="Copyright © 2005 Anti-Malware Development a.s." UsedBy="2936" Hidden="-1" Size="471960" Attr="rsAh" CreateDate="6/8/2007 11:52:24 AM" ChageDate="6/8/2007 11:52:24 AM" MD5="8D14075841481A2D59F3227EE5E72417" /> <ITEM File="C:\Program Files\SPYWAREfighter\spfrm.dll" CheckResult="-1" Descr="SpyWareFighter RS" LegalCopyright="SpamFighter Aps. All rights reserved." UsedBy="2936,2632" Hidden="-1" Size="230296" Attr="rsAh" CreateDate="6/8/2007 11:52:40 AM" ChageDate="6/8/2007 11:52:40 AM" MD5="B534F5F1AADB2BE2E46FCC2E774A1E87" /> <ITEM File="C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2936,2632" Hidden="-1" Size="119704" Attr="rsAh" CreateDate="6/8/2007 11:52:42 AM" ChageDate="6/8/2007 11:52:42 AM" MD5="BE486297D5DEE1F3C7ADBAFEF9D28AE1" /> <ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" UsedBy="1680" Hidden="-1" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" /> <ITEM File="C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Hewlett-Packard Corp. 1997-2002" UsedBy="1680" Hidden="-1" Size="76288" Attr="rsAh" CreateDate="4/7/2007 6:55:23 PM" ChageDate="6/3/2006 8:29:06 PM" MD5="9B8DDEEDB31EDD8042D3B337B47D0409" /> <ITEM File="C:\Program Files\AOL 9.0b\waol.dll" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="7A039521B550697ECEC12F3A8688672A" /> <ITEM File="C:\Program Files\AOL 9.0b\supersub.dll" CheckResult="-1" Descr="SuperSub" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="454656" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="5DCE7F8D6AB93F4FC798EB9EB133F10D" /> <ITEM File="C:\Program Files\AOL 9.0b\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:08 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="BF9D64E0ECD591BC1B38BD335156B66F" /> <ITEM File="C:\Program Files\AOL 9.0b\coolcore46.dll" CheckResult="-1" Descr="COOL Core Component Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="749568" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="2522A70E4818281C27C9BD1952C376A1" /> <ITEM File="C:\Program Files\AOL 9.0b\comm.dll" CheckResult="-1" Descr="Comm" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="245760" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="AABE0FDB863D088AD3A3751C8D40E2C6" /> <ITEM File="C:\Program Files\AOL 9.0b\manager.dll" CheckResult="-1" Descr="Display Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="901120" Attr="rsAh" CreateDate="4/18/2007 1:49:02 AM" ChageDate="9/14/2007 11:50:58 AM" MD5="A2BC762A42DC8A4BCE27CE3EA5ACF97B" /> <ITEM File="C:\Program Files\AOL 9.0b\SYNCCORE.dll" CheckResult="-1" Descr="SYNCCORE.DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="22528" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="56501D3BE21525DB985700CD0FDE0414" /> <ITEM File="C:\Program Files\AOL 9.0b\ProxyMgr.dll" CheckResult="-1" Descr="ProxyMgr DLL" LegalCopyright="Copyright ¬ 1999 - 2003" UsedBy="1436" Hidden="-1" Size="114688" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="465B58B8EE6BABDDEA6EB082B3E62ACC" /> <ITEM File="C:\Program Files\AOL 9.0b\APPDATA.dll" CheckResult="-1" Descr="AppData" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="11264" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="FD7B588D956F07BF3EAF22D84C061296" /> <ITEM File="C:\Program Files\AOL 9.0b\acfBase.DLL" CheckResult="-1" Descr="acf Module" LegalCopyright="Copyright 2001" UsedBy="1436" Hidden="-1" Size="41472" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="959141849AFD2F062DDA9BD64C3CBD54" /> <ITEM File="C:\Program Files\AOL 9.0b\resource.dll" CheckResult="-1" Descr="RESOURCE Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="2703360" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="6F20433C6889F1909A930474D6CB9515" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct" CheckResult="-1" Descr="Imfdecode Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="421888" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="5A67C2F49A59FFAE8FEA0F719C7B9F99" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\coretool.rct" CheckResult="-1" Descr="Coretool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="401408" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="713A0F8C867BEEB435EFEF0FA9C7E49E" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\mip.tol" CheckResult="-1" Descr="MIP Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="315392" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="A9D4A63B1EA63D557DD6FAFD1BD0FFF9" /> <ITEM File="C:\Program Files\AOL 9.0b\ABOOK.dll" CheckResult="-1" Descr="ABook Library" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="380928" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="FAD65A905B609722AC0704313C0849D7" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\rich.rct" CheckResult="-1" Descr="Rich Text Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="434176" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="9E0C34DA3F3265F846ABA1DBCFA0EE98" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\actvx.rct" CheckResult="-1" Descr="ActiveX" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="167936" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\sec.cct" CheckResult="-1" Descr="Security Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="600FBBE776FDA52A57F550057E23163F" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\chat.tol" CheckResult="-1" Descr="Chat Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="3B35DEE5F1A44CAE9F0097005435EA0A" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\htmlview.tol" CheckResult="-1" Descr="Managed By Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="352256" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\www.tol" CheckResult="-1" Descr="WWW" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="D54B93C40FD04039D66230BE054A4D45" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\lvi.tol" CheckResult="-1" Descr="LVI Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="77824" Attr="rsAh" CreateDate="10/2/2007 7:53:03 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="81C9940357741049320B8EC79EC13AA3" /> <ITEM File="C:\Program Files\AOL 9.0b\COOLAPI.dll" CheckResult="-1" Descr="Cool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="196608" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="E754F58B4D61202C823DF0D61B5691A0" /> <ITEM File="C:\Program Files\AOL 9.0b\idleproc.dll" CheckResult="-1" Descr="IDLEPROC DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="6144" Attr="rsAh" CreateDate="4/18/2007 1:49:01 AM" ChageDate="4/18/2007 1:49:01 AM" MD5="180D0E0733DB9BB7EBC3C0675A055E32" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\talk.tol" CheckResult="-1" Descr="Talk Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="10/2/2007 7:53:02 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="F6ACE72ED4960BB0DE3E81DA2EC1C2A6" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player for Internet Explorer" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="254022" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:18 AM" MD5="" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player Component Manager" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="213062" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:19 AM" MD5="CB92EBF6A404E9CFCE1C226BB0D86AFF" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll" CheckResult="-1" Descr="Viewpoint Media Player Scene Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="1282120" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="6/15/2007 11:27:15 AM" MD5="18AE6C06D816E187DBF73C88A6358FF5" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll" CheckResult="-1" Descr="Viewpoint Media Player AOLUserShell" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="413746" Attr="rsAh" CreateDate="7/7/2005 5:26:33 PM" ChageDate="2/20/2004 2:57:31 PM" MD5="930D959F612AA545DEF48CA94616E5D8" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll" CheckResult="-1" Descr="Viewpoint Media Player Rasterizer Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="528430" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:02:25 PM" MD5="3BADDC0379DC2E57F654E900F403D5AE" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll" CheckResult="-1" Descr="Viewpoint Media Player SWFView Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="659501" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:08:01 PM" MD5="20085B5B8BC179425ED29DCE0C5DD6DD" /> <ITEM File="C:\windows\system32\jgpl400.dll" CheckResult="-1" Descr="JG ART Player DLL" LegalCopyright="©1996 AOL/Johnson-Grace Company" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="BBB92EFC61A2D867EB21CE24FC1BB5CA" /> <ITEM File="C:\windows\system32\jgdw400.dll" CheckResult="-1" Descr="JG ART DLL" LegalCopyright="Copyright © 1997 America Online, Inc." UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="07F5D42EA81FC1A8A2F59D5104714546" /> </DLL> - <KERNELOBJ> <ITEM File="C:\windows\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="F45AB000" MemSize="018000" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="F7B2C000" MemSize="002000" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\system32\drivers\mfebopk.sys" CheckResult="-1" Base="F78EC000" MemSize="007000" Descr="Buffer Overflow Protection Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" /> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" CheckResult="-1" Base="B9D0C000" MemSize="029000" Descr="Host Intrusion Detection Link Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" /> <ITEM File="C:\windows\system32\drivers\mfesmfk.sys" CheckResult="-1" Base="F78DC000" MemSize="008000" Descr="System Monitor Filter Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" /> <ITEM File="C:\windows\System32\Drivers\Mpfp.sys" CheckResult="-1" Base="F47DB000" MemSize="023000" Descr="McAfee Personal Firewall Plus Driver" LegalCopyright="Copyright © 2005 McAfee, Inc. All rights reserved." Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" /> <ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" CheckResult="-1" Base="F78C4000" MemSize="005000" Descr="" LegalCopyright="" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" /> </KERNELOBJ> - <Service> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Name="AOL ACS" CheckResult="-1" Type="272" State="4" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" /> <ITEM File="C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" Name="McAfee HackerWatch Service" CheckResult="-1" Type="16" State="4" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Name="mcmscsvc" CheckResult="-1" Type="16" State="4" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" Name="McNASvc" CheckResult="-1" Type="16" State="4" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Name="McODS" CheckResult="-1" Type="16" State="4" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Name="mcpromgr" CheckResult="-1" Type="16" State="4" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Name="McProxy" CheckResult="-1" Type="16" State="4" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Name="McRedirector" CheckResult="-1" Type="16" State="4" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Name="McShield" CheckResult="-1" Type="16" State="4" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Name="McSysmon" CheckResult="-1" Type="16" State="4" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" /> <ITEM File="C:\Program Files\McAfee\MPF\MPFSrv.exe" Name="MpfService" CheckResult="-1" Type="16" State="4" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" /> <ITEM File="C:\PROGRA~1\McAfee\MPS\mps.exe" Name="MPS9" CheckResult="-1" Type="16" State="4" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" /> <ITEM File="C:\Program Files\SPYWAREfighter\spfprc.exe" Name="SPYWAREfighterRP" CheckResult="-1" Type="272" State="4" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" /> <ITEM File="C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Name="Adobe LM Service" CheckResult="-1" Type="16" State="1" Size="72704" Attr="rsAh" CreateDate="8/17/2005 8:18:22 PM" ChageDate="8/17/2005 8:18:22 PM" MD5="8B46D5A1D3EF08232C04D0EAFB871FB2" /> <ITEM File="C:\WINDOWS\system32\ati2sgag.exe" Name="ATI Smart" CheckResult="-1" Type="272" State="1" Size="516096" Attr="rsah" CreateDate="6/15/2005 10:44:41 AM" ChageDate="3/22/2005 11:05:00 PM" MD5="E08F67A80BF2FA7DF80F99F1E771EF3E" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe" Name="Emproxy" CheckResult="-1" Type="16" State="1" Size="341328" Attr="rsAh" CreateDate="12/7/2007 2:14:28 AM" ChageDate="10/5/2007 5:33:26 PM" MD5="A75FF052CC5682A197DD5CD4E89C218A" /> <ITEM File="iPod Service.sys" Name="iPod Service" CheckResult="-1" Type="16" State="1" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" Name="mcmispupdmgr" CheckResult="-1" Type="272" State="1" Size="689752" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:22:18 PM" MD5="993582EC1CF765206CF9D4D5CA22589F" /> </Service> - <Drivers> <ITEM File="C:\windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="4" Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" /> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" /> <ITEM File="C:\windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="4" Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" /> <ITEM File="C:\windows\system32\Drivers\Mpfp.sys" Name="MPFP" CheckResult="-1" Type="1" State="4" Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" /> <ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" Name="SpyFighter" CheckResult="-1" Type="1" State="4" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" /> <ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" /> <ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" /> <ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" /> <ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" /> <ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" /> <ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" /> <ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" /> <ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" /> <ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" /> <ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" /> <ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" /> <ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" /> <ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" /> <ITEM File="D:\Fxdrv.sys" Name="FXDRV" CheckResult="-1" Type="1" State="1" /> <ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" /> <ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" /> <ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" /> <ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" /> <ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="32008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:24 AM" MD5="4472CC5A38FB106751CB81883AE714D3" /> <ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" /> <ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" /> <ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" /> <ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" /> <ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" /> <ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" /> <ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" /> <ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" /> <ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" /> <ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" /> <ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" /> <ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" /> <ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" /> </Drivers> - <AUTORUN> <ITEM File="C:\Program Files\AOL 9.0b\AOL.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="50736" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="8FC6A73DCBC27F310AB4CD9998AB8F17" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AOL Fast Start" /> <ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="hpqSRMon" /> <ITEM File="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="131072" Attr="rsAh" CreateDate="6/15/2005 10:39:44 AM" ChageDate="10/7/2004 7:53:06 PM" MD5="9A41CD3BEF74884C2C9E1269B8A6A566" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="NVMixerTray" /> <ITEM File="C:\Program Files\SPYWAREfighter\spftray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="spywarefighterguard" /> <ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" /> <ITEM File="autocheck autochk *lsdelete" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager" X3="BootExecute" /> </AUTORUN> - <BHO> <ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" Descr="" LegalCopyright="" /> <ITEM File="C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{6548BF73-58FF-71D5-F97D-17C71E323709}" Descr="IntelligentAdvisor" LegalCopyright="©" Size="1019904" Attr="rsAh" CreateDate="12/11/2007 4:27:08 PM" ChageDate="12/11/2007 4:27:08 PM" MD5="EB37DA8025116FC1A2DDD2F93B700C5A" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="CmdMapping" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="C:\Program Files\Messenger\MSMSGS.EXE" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{FB5F1910-F110-11d2-BB9E-00C04F795683}" Descr="Messenger" LegalCopyright="Copyright © Microsoft Corporation 1997-2003" Size="1498032" Attr="rsAh" CreateDate="4/14/2003 8:05:20 PM" ChageDate="4/14/2003 8:05:20 PM" MD5="F5C2F0308D0AA91457059EC7227A06F7" /> </BHO> - <ExplorerExt> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" /> <ITEM File="rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" CheckResult="-1" Enabled="1" ExtName="Autoplay for SlideShow" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" /> <ITEM File="C:\WINDOWS\system32\mscoree.dll" CheckResult="-1" Enabled="1" ExtName="Fusion Cache" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1D2680C9-0E2A-469d-B787-065558BC7D43}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="271360" Attr="rsAh" CreateDate="3/13/2007 8:54:08 PM" ChageDate="3/13/2007 8:54:08 PM" MD5="CE3FB88207EE4D3C8BD55EB869585144" /> </ExplorerExt> - <PrintEXT> <ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" /> </PrintEXT> - <TaskScheduler> <ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" /> <ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" /> <ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" /> <ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" /> <ITEM File="C:\Program Files\SpywareBot\SpywareBot.exe" CheckResult="-1" Enabled="4235908" Descr="" LegalCopyright="" /> </TaskScheduler> - <DPF> <ITEM File="C:\WINDOWS\Downloaded Program Files\fscax.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{0B79F48A-E8D6-11DB-9283-E25056D89593}" CodeBase="http://support.f-secure.com/ols/fscax.cab" Descr="fscax module" LegalCopyright="© 2005-2006 F-Secure Corporation. All rights reserved." Size="254360" Attr="rsAh" CreateDate="5/7/2007 4:39:24 PM" ChageDate="5/7/2007 4:39:24 PM" MD5="D5199825510E4C4F97DC93B7BC3B1A8A" /> </DPF> <CPL /> <ActiveSetup /> - <HOSTS> <ITEM Line="127.0.0.1 localhost" /> </HOSTS> - <SuspFiles> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" VirType="4" Descr="Kernel-mode hook" /> <ITEM File="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" VirType="2" Descr="Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)" /> </SuspFiles> - <RK_KM> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="739" HookPtr="805C0320" HookType="3" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="752" HookPtr="805C0320" HookType="3" /> </RK_KM> </AVZ> syscure <?xml version="1.0" encoding="windows-1251" ?> - <!-- AVZ XML Report --> - <AVZ> - <PROCESS> <ITEM PID="1560" File="c:\program files\lavasoft\ad-aware 2007\aawservice.exe" CheckResult="0" Descr="Ad-Aware 2007 Service" LegalCopyright="Copyright © 2007" Hidden="-1" CmdLine="@quot;C:\Program Files\Lavasoft\Ad-Aware 2007\[email protected];" Size="587096" Attr="rsAh" CreateDate="10/29/2007 1:27:04 PM" ChageDate="10/29/2007 1:27:04 PM" MD5="25F8546FD40E40EC5A2A23AECAE4FDCA" /> <ITEM PID="2932" File="c:\windows\system32\alg.exe" CheckResult="0" Descr="Application Layer Gateway Service" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\System32\alg.exe" Size="44544" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="F1958FBF86D5C004CF19A5951A9514B7" /> <ITEM PID="1812" File="c:\program files\common files\aol\acs\aolacsd.exe" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\ACS\[email protected];" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" /> <ITEM PID="3140" File="c:\program files\common files\aol\1175982866\ee\aolsoftware.exe" CheckResult="-1" Descr="AOL" LegalCopyright="Copyright © 2007 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\1175982866\ee\[email protected]; /h servicehost.defaultGrp" Size="42032" Attr="rsAh" CreateDate="4/12/2007 4:23:31 PM" ChageDate="4/12/2007 4:23:31 PM" MD5="8C1081F3F99A78597A7CAAA85A3C1FFE" /> <ITEM PID="2616" File="c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe" CheckResult="0" Descr="Adobe Photoshop Album Starter Edition 3.0 component" LegalCopyright="© 2005 Adobe Systems Incorporated" Hidden="-1" CmdLine="@quot;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\[email protected];" Size="57344" Attr="rsAh" CreateDate="6/6/2005 11:46:24 PM" ChageDate="6/6/2005 11:46:24 PM" MD5="617FA5BE646B5E8D6670FD4710ACD2D3" /> <ITEM PID="2628" File="c:\documents and settings\user\desktop\avz4\avz.exe" CheckResult="0" Descr="???????????? ??????? AVZ" LegalCopyright="???????????? ??????? AVZ" Hidden="-1" CmdLine="@quot;C:\Documents and Settings\user\Desktop\avz4\[email protected];" Size="732672" Attr="rsAh" CreateDate="12/13/2007 3:28:04 PM" ChageDate="12/13/2007 3:28:04 PM" MD5="07944EE215B527D2CE446621D8E8E3CE" /> <ITEM PID="768" File="c:\windows\system32\csrss.exe" CheckResult="0" Descr="Client Server Runtime Process" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Size="6144" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="F12B178B1678D778CFD3FF1FC38C71FB" /> <ITEM PID="2664" File="c:\windows\system32\ctfmon.exe" CheckResult="0" Descr="CTF Loader" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="@quot;C:\windows\system32\[email protected];" Size="15360" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="24232996A38C0B0CF151C2140AE29FC8" /> <ITEM PID="944" File="c:\windows\explorer.exe" CheckResult="-1" Descr="Windows Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." CmdLine="C:\windows\Explorer.EXE" Size="1033216" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/13/2007 5:23:07 AM" MD5="97BD6515465659FF8F3B7BE375B2EA87" /> <ITEM PID="2648" File="c:\program files\hp\digital imaging\bin\hpqsrmon.exe" CheckResult="-1" Descr="HpqSRmon" LegalCopyright="© Hewlett-Packard. All rights reserved." CmdLine="@quot;C:\Program Files\HP\Digital Imaging\bin\[email protected];" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" /> <ITEM PID="2640" File="c:\program files\hp\hp software update\hpwuschd2.exe" CheckResult="0" Descr="Hewlett-Packard Product Assistant" LegalCopyright="Copyright © Hewlett-Packard Development Company, L.P. 1995-2005" Hidden="-1" CmdLine="@quot;C:\Program Files\HP\HP Software Update\[email protected];" Size="49152" Attr="rsAh" CreateDate="2/19/2006 1:41:10 AM" ChageDate="2/19/2006 1:41:10 AM" MD5="926A397334FE426A6C7657096FE681DB" /> <ITEM PID="2848" File="c:\windows\system32\hpzipm12.exe" CheckResult="0" Descr="PML Driver" LegalCopyright="Copyright © 1998, 1999 Hewlett-Packard Company" Hidden="-1" CmdLine="C:\WINDOWS\system32\HPZipm12.exe" Size="69632" Attr="rsah" CreateDate="4/7/2007 6:54:07 PM" ChageDate="3/3/2006 8:03:10 PM" MD5="D31F88C5F19EEFA366A415D6BC5F2ABC" /> <ITEM PID="1952" File="c:\program files\common files\mcafee\hackerwatch\hwapi.exe" CheckResult="-1" Descr="McAfee HackerWatch Service" LegalCopyright="© McAfee, Inc. All rights reserved." CmdLine="@quot;C:\Program Files\Common Files\McAfee\HackerWatch\[email protected];" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" /> <ITEM PID="2656" File="c:\program files\java\jre1.6.0_03\bin\jusched.exe" CheckResult="0" Descr="Java Platform SE binary" LegalCopyright="Copyright © 2004" Hidden="-1" CmdLine="@quot;C:\Program Files\Java\jre1.6.0_03\bin\[email protected];" Size="132496" Attr="rsAh" CreateDate="12/22/2007 10:23:15 AM" ChageDate="9/25/2007 1:11:35 AM" MD5="D4F0F7437327DBAA264338BAAFB5E5AF" /> <ITEM PID="848" File="c:\windows\system32\lsass.exe" CheckResult="0" Descr="LSA Shell (Export Version)" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\lsass.exe" Size="13312" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="84885F9B82F4D55C6146EBF6065D75D2" /> <ITEM PID="1476" File="c:\progra~1\mcafee.com\agent\mcagent.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding" Size="566872" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:16 PM" MD5="4C4F3DE9CF6E0F8B7A4AE639FF981BFF" /> <ITEM PID="2028" File="c:\progra~1\mcafee\msc\mcmscsvc.exe" CheckResult="-1" Descr="MISP User Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" /> <ITEM PID="124" File="c:\progra~1\common~1\mcafee\mna\mcnasvc.exe" CheckResult="-1" Descr="McAfee Network Agent" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;c:\PROGRA~1\COMMON~1\mcafee\mna\[email protected];" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" /> <ITEM PID="188" File="c:\progra~1\mcafee\viruss~1\mcods.exe" CheckResult="-1" Descr="McAfee VirusScan - On Demand Scan" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" /> <ITEM PID="204" File="c:\progra~1\mcafee\msc\mcpromgr.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" /> <ITEM PID="228" File="c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe" CheckResult="-1" Descr="McAfee Proxy Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" /> <ITEM PID="408" File="c:\progra~1\mcafee\viruss~1\mcshield.exe" CheckResult="-1" Descr="On-Access Scanner service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" /> <ITEM PID="492" File="c:\progra~1\mcafee\viruss~1\mcsysmon.exe" CheckResult="-1" Descr="McAfee SystemGuards Service" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" /> <ITEM PID="620" File="c:\program files\mcafee\mpf\mpfsrv.exe" CheckResult="-1" Descr="McAfee Personal Firewall Service" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." CmdLine="@quot;C:\Program Files\McAfee\MPF\[email protected];" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" /> <ITEM PID="2312" File="c:\progra~1\mcafee\mps\mps.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MPS\mps.exe" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" /> <ITEM PID="3500" File="c:\program files\mcafee\mps\mpsevh.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Event Handler" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;C:\Program Files\McAfee\MPS\[email protected]; -Embedding" Size="304680" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:08:10 PM" MD5="6510D5303CC0D1CF1908B8BD21063420" /> <ITEM PID="2736" File="c:\windows\system32\nvsvc32.exe" CheckResult="0" Descr="NVIDIA Driver Helper Service, Version 77.72" LegalCopyright="© NVIDIA Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\nvsvc32.exe" Size="127043" Attr="rsAh" CreateDate="10/11/2004 4:17:16 AM" ChageDate="6/15/2005 7:20:00 PM" MD5="F6FCA6047879DE7A2964757EB8B2101B" /> <ITEM PID="312" File="c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe" CheckResult="-1" Descr="McAfee Redirector Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" /> <ITEM PID="836" File="c:\windows\system32\services.exe" CheckResult="0" Descr="Services and Controller app" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\services.exe" Size="108032" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="C6CE6EEC82F187615D1002BB3BB50ED4" /> <ITEM PID="3320" File="c:\program files\aol 9.0b\shellmon.exe" CheckResult="-1" Descr="waolmon" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="@quot;C:\Program Files\AOL 9.0b\[email protected];" Size="54832" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="1E859A926D7896F51BB5E1E3055D4C8F" /> <ITEM PID="2936" File="c:\program files\spywarefighter\spfprc.exe" CheckResult="-1" Descr="SpywareFighter" LegalCopyright="SpamFighter APS. All rights reserved." CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" /> <ITEM PID="2632" File="c:\program files\spywarefighter\spftray.exe" CheckResult="-1" Descr="Spywarefighter Tray" LegalCopyright="" CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" /> <ITEM PID="1680" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Spooler SubSystem App" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\spoolsv.exe" Size="57856" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/10/2005 6:53:32 PM" MD5="DA81EC57ACD4CDC3D4C51CF3D409AF9F" /> <ITEM PID="3000" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\svchost.exe -k imgsvc" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1076" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\svchost -k rpcss" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1112" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\System32\svchost.exe -k netsvcs" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1912" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\System32\svchost.exe -k HTTPFilter" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1160" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\svchost.exe -k NetworkService" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1304" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\svchost.exe -k LocalService" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1000" File="c:\windows\system32\svchost.exe" CheckResult="0" Descr="Generic Host Process for Win32 Services" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\svchost -k DcomLaunch" Size="14336" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="8F078AE4ED187AAABC0A305146DE6716" /> <ITEM PID="1436" File="c:\program files\aol 9.0b\waol.exe" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="-Brestart" Size="39472" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="DCF06AFB01E890FE4D89FA09D64524ED" /> <ITEM PID="792" File="c:\windows\system32\winlogon.exe" CheckResult="0" Descr="Windows NT Logon Application" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="winlogon.exe" Size="502272" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="01C3346C241652F43AED8E2149881BFE" /> <ITEM PID="1036" File="c:\windows\system32\wbem\wmiprvse.exe" CheckResult="0" Descr="WMI" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\WINDOWS\system32\wbem\wmiprvse.exe-Embedding" Size="218112" Attr="rsAh" CreateDate="6/14/2005 7:31:40 PM" ChageDate="8/4/2004 7:00:00 AM" MD5="075EA6C849AB0FE416A3D6DD65C3CF41" /> <ITEM PID="3444" File="c:\program files\windows media player\wmpnetwk.exe" CheckResult="-1" Descr="Windows Media Player Network Sharing Service" LegalCopyright="© Microsoft Corporation. All rights reserved." CmdLine="@quot;C:\Program Files\Windows Media Player\[email protected];" Size="913408" Attr="rsah" CreateDate="10/18/2006 7:05:24 PM" ChageDate="10/18/2006 7:05:24 PM" MD5="F74E3D9A7FA9556C3BBB14D4E5E63D3B" /> <ITEM PID="2676" File="c:\program files\windows media player\wmpnscfg.exe" CheckResult="-1" Descr="Windows Media Player Network Sharing Service Configuration Application" LegalCopyright="© Microsoft Corporation. All rights reserved." CmdLine="@quot;C:\Program Files\Windows Media Player\[email protected];" Size="204288" Attr="rsah" CreateDate="10/18/2006 7:05:26 PM" ChageDate="10/18/2006 7:05:26 PM" MD5="7EAED08CCCA4DDDE61A388C82598CFA9" /> </PROCESS> - <DLL> <ITEM File="C:\windows\system32\kernel32.dll" CheckResult="-1" Descr="Windows NT BASE API Client DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,768,2664,944,2648,2640,2848,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,836,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="984576" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="4/16/2007 10:52:53 AM" MD5="A01F9CA902A88F7CED06884174D6419D" /> <ITEM File="C:\windows\system32\RPCRT4.dll" CheckResult="-1" Descr="Remote Procedure Call Runtime" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,768,2664,944,2648,2640,2848,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,836,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="582656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="7/9/2007 8:16:16 AM" MD5="EC9D7FD24172C1879E7673F654E55CEC" /> <ITEM File="C:\windows\system32\SHELL32.dll" CheckResult="-1" Descr="Windows Shell Common Dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,2664,944,2648,2640,1952,2656,848,1476,2028,124,204,408,492,620,2312,3500,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444" Hidden="-1" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" /> <ITEM File="C:\windows\system32\GDI32.dll" CheckResult="-1" Descr="GDI Client DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,768,2664,944,2648,2640,2848,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,836,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="282112" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/19/2007 8:31:19 AM" MD5="3A0D35E8FB2AB3273558ADAF92FC2F90" /> <ITEM File="C:\windows\system32\USER32.dll" CheckResult="-1" Descr="Windows XP USER API Client DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,768,2664,944,2648,2640,2848,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,836,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="577536" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/8/2007 10:36:28 AM" MD5="B409909F6E2E8A7067076ED748ABF1E7" /> <ITEM File="C:\windows\system32\SHLWAPI.dll" CheckResult="-1" Descr="Shell Light-weight Utility Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,2664,944,2648,2640,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="474112" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="3A7CAF09DECFD090C0C75828B1A7B401" /> <ITEM File="C:\windows\system32\WININET.dll" CheckResult="-1" Descr="Internet Extensions for Win32" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,1812,2616,2628,944,2656,1476,124,204,620,1112,1304,1436" Hidden="-1" Size="824832" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="30C1E0F34AD2972C72A01DB5C74AB065" /> <ITEM File="C:\windows\system32\iertutil.dll" CheckResult="-1" Descr="Run time utility for Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,1812,2616,2628,944,2656,1476,124,204,620,1112,1304,1436" Hidden="-1" Size="267776" Attr="rsAh" CreateDate="10/17/2006 11:57:20 AM" ChageDate="10/10/2007 6:55:55 PM" MD5="AF67AAB4ECC886EAAB6912A53FA717DB" /> <ITEM File="C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" CheckResult="-1" Descr="User Experience Controls Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,2628,2664,944,2648,2640,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="1054208" Attr="rsAh" CreateDate="10/10/2006 6:12:36 PM" ChageDate="8/25/2006 10:45:55 AM" MD5="C4E80875C1CF1222FC5EFD0314AE5C01" /> <ITEM File="C:\windows\system32\comctl32.dll" CheckResult="-1" Descr="Common Controls Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1560,2932,1812,3140,2616,944,2648,2640,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,3320,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444" Hidden="-1" Size="617472" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/25/2006 10:45:58 AM" MD5="B0124CB21D28B1C9F678B566B6B57D92" /> <ITEM File="C:\windows\system32\OLEAUT32.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Microsoft Corp. 1993-2001." UsedBy="2932,1812,3140,2616,2628,2664,944,2648,1952,2656,848,1476,2028,124,188,204,228,408,492,620,2312,3500,312,2936,2632,1680,3000,1076,1112,1912,1160,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="549376" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/17/2007 6:28:05 AM" MD5="CE66FAF0624B118DE9A714A3D5E0E9F6" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="1263152" Attr="RsAh" CreateDate="4/13/2007 12:29:27 PM" ChageDate="4/13/2007 12:29:27 PM" MD5="B1081E9380ACEEF7B9C5F928261EC569" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\xpat.dll" CheckResult="-1" Descr="AOL Connectivity Service XML Parser" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="124464" Attr="RsAh" CreateDate="4/13/2007 12:29:50 PM" ChageDate="4/13/2007 12:29:50 PM" MD5="C64B23D10FAFE5BFABD89C53EBDB270E" /> <ITEM File="C:\windows\system32\NETAPI32.dll" CheckResult="-1" Descr="Net Win32 API DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1812,3140,2628,944,2648,1952,848,1476,2028,124,188,204,228,408,492,620,2312,3500,2736,312,836,2936,1680,3000,1112,1304,1000,1436,792,1036,3444,2676" Hidden="-1" Size="332288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/17/2006 7:28:27 AM" MD5="35A4C61B5A9AE04E73843FB21F9A1137" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll" CheckResult="-1" Descr="AOL Connectivity Service Diagnostics" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="87600" Attr="RsAh" CreateDate="4/13/2007 12:29:25 PM" ChageDate="4/13/2007 12:29:25 PM" MD5="6181BD3B38F360B53D76C0802FE842C3" /> <ITEM File="C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll" CheckResult="-1" Descr="AOL Diagnostics" LegalCopyright="Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved." UsedBy="1812,3140,1436" Hidden="-1" Size="106496" Attr="rsAh" CreateDate="8/11/2006 4:38:55 PM" ChageDate="3/8/2007 8:39:52 PM" MD5="15B9CC21717F3CD0F660AF315521E3C0" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll" CheckResult="-1" Descr="AOL Connectivity Service Common Code" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812,1436" Hidden="-1" Size="206384" Attr="RsAh" CreateDate="4/13/2007 12:29:36 PM" ChageDate="4/13/2007 12:29:36 PM" MD5="E3C1E0E02EBF63BAF138EC42CE39BA7C" /> <ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll" CheckResult="-1" Descr="AOL Connectivity Service Software Update" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="235056" Attr="RsAh" CreateDate="4/13/2007 12:29:16 PM" ChageDate="4/13/2007 12:29:16 PM" MD5="24B23C8E8C69A158B09B3C4690B5750B" /> <ITEM File="C:\windows\system32\iphlpapi.dll" CheckResult="-1" Descr="IP Helper API" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1812,3140,2616,2628,944,848,2028,124,188,620,2736,2936,2632,1076,1112,1160,1304,1000,1436,792,3444" Hidden="-1" Size="94720" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/19/2006 7:59:41 AM" MD5="011EACF9153EF90E6CBCE2987ACAE411" /> <ITEM File="C:\windows\system32\DNSAPI.dll" CheckResult="-1" Descr="DNS Client API DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1812,3140,2628,1952,848,124,204,492,2936,1680,1076,1112,1160,1036" Hidden="-1" Size="148480" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/26/2006 12:37:10 PM" MD5="16E68F1DB0E37C13A5FB5F9611A38EDC" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll" CheckResult="-1" Descr="AOLSvcMgr" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="595456" Attr="rsAh" CreateDate="9/25/2006 7:51:46 PM" ChageDate="4/12/2007 4:22:49 PM" MD5="AC55822CD0156228032052BD9A945D61" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2006 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="241664" Attr="rsAh" CreateDate="8/4/2006 12:03:52 PM" ChageDate="8/4/2006 12:03:52 PM" MD5="B6EB80232F24EC02CE75B23A66ED88C2" /> <ITEM File="C:\windows\system32\msi.dll" CheckResult="-1" Descr="Windows Installer" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3140,944,124,204,2312,3500,2936,2632,1112,1436,3444" Hidden="-1" Size="2854400" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="4/18/2007 11:12:23 AM" MD5="892F4BC54D486FEB4DF03E4E2ECB14E0" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll" CheckResult="-1" Descr="os EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="180736" Attr="rsAh" CreateDate="9/21/2006 10:19:02 AM" ChageDate="9/21/2006 10:19:02 AM" MD5="483302397A9A1334FB9D44DD16638898" /> <ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="3/12/2007 2:12:31 PM" ChageDate="3/12/2007 2:12:31 PM" MD5="01D280B0DFB2A0580F72AAD3BD2EF15D" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll" CheckResult="-1" Descr="AolIdleMon EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="5632" Attr="rsAh" CreateDate="9/21/2006 10:18:49 AM" ChageDate="9/21/2006 10:18:49 AM" MD5="1337EF044854F38B9DFD085E56EBC3A2" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll" CheckResult="-1" Descr="Notification Service" LegalCopyright="Copyright © 2006 America Online, Inc." UsedBy="3140" Hidden="-1" Size="145920" Attr="rsAh" CreateDate="8/1/2006 4:26:55 PM" ChageDate="8/1/2006 4:26:55 PM" MD5="DA8CFF2E849BB7C09BF4A6E170615E35" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll" CheckResult="-1" Descr="clssvc EE Service" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="334848" Attr="rsAh" CreateDate="4/24/2007 6:40:14 PM" ChageDate="4/24/2007 6:40:14 PM" MD5="8AA0F6018B3B52DBE74CE77A9A7E85AA" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll" CheckResult="-1" Descr="Client Metrics Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="262144" Attr="rsAh" CreateDate="9/11/2006 10:38:51 AM" ChageDate="9/11/2006 10:38:51 AM" MD5="7204F76E069854A2785796A0911AFB27" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll" CheckResult="-1" Descr="aolsystrayservice EE Service" LegalCopyright="Copyright © 2006 AOL LLC. All rights reserved." UsedBy="3140" Hidden="-1" Size="180224" Attr="rsAh" CreateDate="10/13/2006 9:31:46 AM" ChageDate="10/13/2006 9:31:46 AM" MD5="2856C172401B665FB7451B4B4CC5D657" /> <ITEM File="c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll" CheckResult="-1" Descr="SuiteFramework Service" LegalCopyright="Copyright © 2006 AOL LLC." UsedBy="3140" Hidden="-1" Size="292864" Attr="rsAh" CreateDate="10/18/2006 4:06:14 PM" ChageDate="10/18/2006 4:06:14 PM" MD5="4A9476E8EF7051BCF06D33A746339E9C" /> <ITEM File="C:\windows\system32\winsrv.dll" CheckResult="-1" Descr="Windows Server DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="768" Hidden="-1" Size="292864" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/17/2007 8:43:01 AM" MD5="3D21B3BE0C5768E76FD9780E9CF9E07C" /> <ITEM File="C:\windows\system32\sxs.dll" CheckResult="-1" Descr="Fusion 2.5" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="768,944,188,204,408,492,620,2312,3500,2936,2632,1112,1436,792,3444" Hidden="-1" Size="713216" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/19/2006 8:56:32 AM" MD5="0FF9FA27706FBE9048990C108C0D62F0" /> <ITEM File="C:\windows\system32\BROWSEUI.dll" CheckResult="-1" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944" Hidden="-1" Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\SHDOCVW.dll" CheckResult="-1" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944" Hidden="-1" Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\ieframe.dll" CheckResult="-1" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944,1436" Hidden="-1" Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\urlmon.dll" CheckResult="-1" Descr="OLE32 Extensions for Win32" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944,204,620,1436" Hidden="-1" Size="1159680" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="A0C7A44451208353A8B6B7F5FE5C0BB6" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944" Hidden="-1" Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\WPDShServiceObj.dll" CheckResult="-1" Descr="Windows Portable Device Shell Service Object" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944" Hidden="-1" Size="133632" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="045E228F71C31901084B64BE59093499" /> <ITEM File="C:\WINDOWS\system32\PortableDeviceTypes.dll" CheckResult="-1" Descr="Windows Portable Device (Parameter) Types Component" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="944" Hidden="-1" Size="166912" Attr="rsah" CreateDate="10/18/2006 8:47:18 PM" ChageDate="10/18/2006 8:47:18 PM" MD5="22358578CB321F3325496A3723029409" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="944,1436" Hidden="-1" Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="C:\windows\system32\JScript.dll" CheckResult="-1" Descr="Microsoft ® JScript" LegalCopyright="Copyright © Microsoft Corp. 1996-2006, All Rights Reserved" UsedBy="944,1436" Hidden="-1" Size="491520" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/17/2006 12:00:00 PM" MD5="194D61A029411CC83011181D6E818600" /> <ITEM File="C:\windows\system32\VBScript.dll" CheckResult="-1" Descr="Microsoft ® VBScript" LegalCopyright="Copyright © Microsoft Corp. 1996-2006, All Rights Reserved" UsedBy="944,1436" Hidden="-1" Size="413696" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="11/7/2006 9:03:36 PM" MD5="767D22C6E47A4D73AE0253B83BC7BE64" /> <ITEM File="C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll" CheckResult="-1" Descr="Microsoft® C++ Runtime Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2648" Hidden="-1" Size="548864" Attr="rsAh" CreateDate="8/22/2007 4:34:26 PM" ChageDate="8/22/2007 4:34:26 PM" MD5="392FADBA4883243C97A56075FA86882D" /> <ITEM File="C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll" CheckResult="-1" Descr="Microsoft® C Runtime Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2648" Hidden="-1" Size="626688" Attr="rsAh" CreateDate="8/22/2007 4:34:26 PM" ChageDate="8/22/2007 4:34:26 PM" MD5="F39FAF4C1A7C832946DFF4313FFA4572" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll" CheckResult="-1" Descr="McAfee Core Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1952,1476,2028,124,204,408,492,620,2312,3500,312" Hidden="-1" Size="84064" Attr="rsAh" CreateDate="12/7/2007 2:13:39 AM" ChageDate="1/5/2007 2:50:04 PM" MD5="" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll" CheckResult="-1" Descr="McAfee HackerWatch Proxy Stub" LegalCopyright="© McAfee, Inc. All rights reserved." UsedBy="1952,492,620,312" Hidden="-1" Size="54376" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:14 PM" MD5="314CBFBC64F78F8EB8CFB7B50C387A0B" /> <ITEM File="C:\windows\system32\LSASRV.dll" CheckResult="-1" Descr="LSA Server DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="848" Hidden="-1" Size="721920" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/17/2006 7:28:27 AM" MD5="9A9EC759DCE1368C5AE080261002D7D8" /> <ITEM File="C:\windows\system32\schannel.dll" CheckResult="-1" Descr="TLS / SSL Security Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="848,1112" Hidden="-1" Size="144896" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="4/25/2007 9:21:15 AM" MD5="532EA80E9F5452928F8426653215BE29" /> <ITEM File="C:\windows\system32\wdigest.dll" CheckResult="-1" Descr="Microsoft Digest Access" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="848" Hidden="-1" Size="49152" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/23/2006 11:37:50 PM" MD5="C43D8F6FF8AC074CCD9B34B781E23E86" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McRes.dll" CheckResult="-1" Descr="McAfee Non-Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="80984" Attr="rsAh" CreateDate="12/7/2007 2:13:45 AM" ChageDate="1/5/2007 4:21:48 PM" MD5="D970BE54162487D495B36EF5006ED3B9" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McLocRes.dll" CheckResult="-1" Descr="McAfee Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="58920" Attr="rsAh" CreateDate="12/7/2007 2:13:45 AM" ChageDate="4/16/2007 11:28:18 AM" MD5="BC986FD58A63384BC3897A71CB1E9ED9" /> <ITEM File="C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll" CheckResult="-1" Descr="McAfee Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="558400" Attr="rsah" CreateDate="12/7/2007 2:14:13 AM" ChageDate="8/17/2007 2:31:14 PM" MD5="57143713AD6E5C1C135739925B2088CC" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\Mccobres.dll" CheckResult="-1" Descr="McAfee Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,3500" Hidden="-1" Size="558632" Attr="rsAh" CreateDate="12/7/2007 2:13:44 AM" ChageDate="4/16/2007 11:29:18 AM" MD5="24CB52C210224430E3DAAB8ED1918AD0" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll" CheckResult="-1" Descr="McAfee Subscription manager module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,124,204,408,492" Hidden="-1" Size="480856" Attr="rsAh" CreateDate="3/7/2007 4:01:10 PM" ChageDate="3/7/2007 4:01:10 PM" MD5="860424B66E83F6ECA9E6A0663F788095" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll" CheckResult="-1" Descr="MISP Registration Component" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,124" Hidden="-1" Size="290392" Attr="rsAh" CreateDate="1/5/2007 4:21:46 PM" ChageDate="1/5/2007 4:21:46 PM" MD5="F4393AB71EFA25568A1E07C2AB3B7CF7" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcmispps.dll" CheckResult="-1" Descr="McAfee MISP Proxy Stub DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476,2028,124,204,408,492,620,3500" Hidden="-1" Size="66648" Attr="rsAh" CreateDate="12/7/2007 2:13:42 AM" ChageDate="1/5/2007 4:21:30 PM" MD5="A95DC5F7A4D0FC94E0DAA86A2C82AAC2" /> <ITEM File="C:\windows\system32\msxml3.dll" CheckResult="-1" Descr="MSXML 3.0 SP9" LegalCopyright="Copyright © Microsoft Corporation. 1981-2007" UsedBy="1476,492,3500,1436" Hidden="-1" Size="1104896" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/26/2007 1:08:16 AM" MD5="0B13288E7D79DAE8D99DAC8F08A77372" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mccfgpv.dll" CheckResult="-1" Descr="MISP Default Configuration Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="397912" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:21:22 PM" MD5="1CA04CB62607C6C7ADC50E6ED7CBC1D2" /> <ITEM File="c:\PROGRA~1\mcafee.com\agent\mcagntps.dll" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="67160" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:18 PM" MD5="B99DB2A48AEBFD9B8E49DDCB7991C2DA" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcuicfg.dll" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="1476" Hidden="-1" Size="116312" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:58 PM" MD5="DFB3C949D6C2A7E67AA18063D31A0CD9" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll" CheckResult="-1" Descr="Sqlite3 Database Module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2028" Hidden="-1" Size="374384" Attr="rsAh" CreateDate="12/7/2007 2:13:41 AM" ChageDate="1/8/2007 1:46:28 PM" MD5="F01A387CF3051431A5BA0FB25118BC92" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcdbmgr.dll" CheckResult="-1" Descr="McAfee Log Database Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2028" Hidden="-1" Size="253528" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:21:24 PM" MD5="8446C6000BD0B981BC4B6BBF09A1DD6B" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll" CheckResult="-1" Descr="McAfee Utility DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="110704" Attr="rsAh" CreateDate="12/7/2007 2:13:41 AM" ChageDate="1/8/2007 1:46:18 PM" MD5="63A184C25C12D6922B4A00D286CF3DE9" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll" CheckResult="-1" Descr="McAfee NMC Server" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="894504" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:52 PM" MD5="3FC22BA888356B0ACDB7E1D6FC0F002C" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcshllps.dll" CheckResult="-1" Descr="McAfee McShell Proxy Stub DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="87640" Attr="rsAh" CreateDate="12/7/2007 2:13:43 AM" ChageDate="1/5/2007 4:21:52 PM" MD5="B811AAC93D5BD5DCA6CCB0251ED59586" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL" CheckResult="-1" Descr="McAfee Network Agent Proxy/Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="83496" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:12 AM" MD5="975F9F1EAFB8566A51D696E61D7845EA" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcsps.dll" CheckResult="-1" Descr="McAfee NMC Server Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="67112" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:50 PM" MD5="935873C869BE551ABE18C4C1C5A12520" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcmismgr.dll" CheckResult="-1" Descr="McAfee Misc Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="394840" Attr="rsAh" CreateDate="12/7/2007 2:13:46 AM" ChageDate="1/5/2007 4:21:34 PM" MD5="CC6A41FF46C4EFC8F2EBD433FA47F91F" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll" CheckResult="-1" Descr="McAfee Unified Join" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124" Hidden="-1" Size="333352" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:14 AM" MD5="4129F3D399370271074463D15AAB4565" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcRes.dll" CheckResult="-1" Descr="McAfee NMC Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="333352" Attr="rsAh" CreateDate="12/7/2007 2:14:11 AM" ChageDate="3/6/2007 6:26:48 PM" MD5="1E55194336D7639EBEB95E75AEDDB218" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll" CheckResult="-1" Descr="McAfee NMC Localized Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="14376" Attr="rsAh" CreateDate="12/7/2007 2:14:11 AM" ChageDate="3/6/2007 6:33:36 PM" MD5="2D297D63417EF342BE55E99F6F935CE2" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll" CheckResult="-1" Descr="McAfee NMC Co-Branded Resource DLL" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="124,204" Hidden="-1" Size="13352" Attr="rsAh" CreateDate="12/7/2007 2:14:12 AM" ChageDate="3/6/2007 6:33:56 PM" MD5="F9733A366B95C5387A6EFB6DE1354A61" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcprotpv.dll" CheckResult="-1" Descr="MISP Default Protection Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="317016" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:42 PM" MD5="CE0150BC423490294E40697B0F47E3AD" /> <ITEM File="c:\PROGRA~1\mcafee\msc\mcnmcprv.dll" CheckResult="-1" Descr="McAfee NMC Provider" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="349736" Attr="rsAh" CreateDate="12/7/2007 2:14:09 AM" ChageDate="3/6/2007 6:26:46 PM" MD5="DE16DB48B1B925C8B75B386576EDB606" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McProHlp.dll" CheckResult="-1" Descr="Mc Security Index" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="204" Hidden="-1" Size="231000" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="FE763F9B4DF58577DA50409BF837F3E3" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsppm.dll" CheckResult="-1" Descr="MPS Proxy Plugin Module" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228" Hidden="-1" Size="207912" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:07:46 PM" MD5="12F30D8D6D2300F7F42B9B9B752FFBA2" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll" CheckResult="-1" Descr="McAfee Event Broker" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228,408,492,620,2312,312" Hidden="-1" Size="267856" Attr="rsAh" CreateDate="12/7/2007 2:13:39 AM" ChageDate="1/5/2007 2:50:04 PM" MD5="5F2A40A32C06BD4AD4450121ADB95AD7" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll" CheckResult="-1" Descr="McAfee Redirector Service Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="228,312" Hidden="-1" Size="76896" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:36 PM" MD5="F2C5BB8DC685D31C1895BD74BE2F5FA3" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll" CheckResult="-1" Descr="Provides self-protection functionality" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="25152" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:40 AM" MD5="A5BFECDD6127A276A9B24A1007C34800" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll" CheckResult="-1" Descr="Common Shell - [email protected]; interface to the engine" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="132672" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:30 AM" MD5="E7E7C5E2253A741EF7269C5F21D73BB4" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll" CheckResult="-1" Descr="Common Shell2 - [email protected]; interface to the 5000 series engine" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="226880" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:30 AM" MD5="13515CB8D6602D3433537104D6055A52" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll" CheckResult="-1" Descr="Resources for McShield" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="24664" Attr="rsAh" CreateDate="12/7/2007 2:14:36 AM" ChageDate="6/25/2007 10:55:10 AM" MD5="3A384EBBAEE0151233C02FCE02A7CEE1" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll" CheckResult="-1" Descr="File Filter Library" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="41024" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:56:58 AM" MD5="181D9F8B63960DA647B4B9A9B3EEB985" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll" CheckResult="-1" Descr="McAfee VirusScan Announcer" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="321104" Attr="rsAh" CreateDate="12/7/2007 2:14:38 AM" ChageDate="1/16/2007 2:06:14 PM" MD5="5BE90201048153C3975C7C4339199514" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll" CheckResult="-1" Descr="McAfee VirusScan Proxy Stub dll" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="169552" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:10 PM" MD5="" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll" CheckResult="-1" Descr="McAfee VirusScan Announcer Proxy Stub dll" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="24656" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:16 PM" MD5="792480860CB2ABF6AB643CBE0CE4BBBD" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll" CheckResult="-1" Descr="McAfee Configuration Object Tool" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="296528" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="4/18/2007 8:26:08 AM" MD5="F496CA7746E0CE9266900B1632B4E29E" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll" CheckResult="-1" Descr="McAfee VirusScan Quarantine Interface" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="185936" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:05:42 PM" MD5="2217F3EBE3A041C423DC9DB840A0DB80" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll" CheckResult="-1" Descr="McAfee Quarantine Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="194128" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:08 PM" MD5="7B34ACE0CFCC7346E31E300CB4C00ED5" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll" CheckResult="-1" Descr="McAfee VirusScan Log Helper" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="276048" Attr="rsAh" CreateDate="12/7/2007 2:15:12 AM" ChageDate="1/16/2007 6:03:50 PM" MD5="C3E3DD3D79807127A52C5625CE10BC76" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll" CheckResult="-1" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="17984" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:46 AM" MD5="2369DAE0A438B9BEC65871420D53CF86" /> <ITEM File="C:\Program Files\McAfee\VirusScan\mcscan32.dll" CheckResult="-1" Descr="AV Scanning Engine" LegalCopyright="Copyright © 2007 McAfee, Inc." UsedBy="408" Hidden="-1" Size="2724006" Attr="RsAh" CreateDate="12/7/2007 2:14:49 AM" ChageDate="7/9/2007 5:20:00 AM" MD5="7D89C620128AC1B1D2BEADAE59C5EDF2" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll" CheckResult="-1" Descr="Buffer Overflow Protection Service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="4711D113468155AC27983BE349408618" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll" CheckResult="-1" Descr="Host Intrusion Detection Link Driver Communication" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408,492" Hidden="-1" Size="19008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:12 AM" MD5="1FC2D830CFA073C55AF2C08CCA8F25B7" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll" CheckResult="-1" Descr="Anti Virus File System Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:04 AM" MD5="EFBC8534AC8BE9F03AF580AE354B998C" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll" CheckResult="-1" Descr="System Monitor Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="492" Hidden="-1" Size="17472" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:26 AM" MD5="2BF1F42442060609DD7E2A8FEFD68141" /> <ITEM File="c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll" CheckResult="-1" Descr="McAfee Personal Firewall Plus" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." UsedBy="620" Hidden="-1" Size="972328" Attr="rsAh" CreateDate="12/7/2007 2:15:35 AM" ChageDate="3/9/2007 4:21:10 PM" MD5="30191EB8EE14AF39ABDC438F33916182" /> <ITEM File="C:\windows\system32\Dunzip32.dll" CheckResult="-1" Descr="DynaZIP-32 Multi-Threading UnZIP DLL" LegalCopyright="Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved." UsedBy="2312" Hidden="-1" Size="143360" Attr="rsAh" CreateDate="12/7/2007 2:15:57 AM" ChageDate="3/3/2006 11:07:02 AM" MD5="C293127E169B0F2F02BB2CBED1057471" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsps.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2312,3500" Hidden="-1" Size="58408" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:12 PM" MD5="E43DA3F7CF8BB44A360F2A66026E542B" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\McAltLib.dll" CheckResult="-1" Descr="MISP Alert Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="288344" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:22:06 PM" MD5="B8D3D1737DC48D9B08B408F53F2B5E8E" /> <ITEM File="c:\PROGRA~1\mcafee\mps\mpsmisp.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="415784" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:07:42 PM" MD5="F165CF0FABCBE256F5885AE4BC1C6BB5" /> <ITEM File="C:\windows\AppPatch\AcAdProc.dll" CheckResult="-1" Descr="Windows Compatibility DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="836" Hidden="-1" Size="39424" Attr="rsah" CreateDate="4/8/2007 3:59:48 PM" ChageDate="10/4/2006 9:05:26 AM" MD5="744EA281298317E91C3BEA70BF3843D4" /> <ITEM File="C:\Program Files\SPYWAREfighter\engine.dll" CheckResult="-1" Descr="scan engine" LegalCopyright="Copyright © 2005 Anti-Malware Development a.s." UsedBy="2936" Hidden="-1" Size="471960" Attr="rsAh" CreateDate="6/8/2007 11:52:24 AM" ChageDate="6/8/2007 11:52:24 AM" MD5="8D14075841481A2D59F3227EE5E72417" /> <ITEM File="C:\Program Files\SPYWAREfighter\spfrm.dll" CheckResult="-1" Descr="SpyWareFighter RS" LegalCopyright="SpamFighter Aps. All rights reserved." UsedBy="2936,2632" Hidden="-1" Size="230296" Attr="rsAh" CreateDate="6/8/2007 11:52:40 AM" ChageDate="6/8/2007 11:52:40 AM" MD5="B534F5F1AADB2BE2E46FCC2E774A1E87" /> <ITEM File="C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2936,2632" Hidden="-1" Size="119704" Attr="rsAh" CreateDate="6/8/2007 11:52:42 AM" ChageDate="6/8/2007 11:52:42 AM" MD5="BE486297D5DEE1F3C7ADBAFEF9D28AE1" /> <ITEM File="C:\windows\system32\hpz3l463.dll" CheckResult="-1" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" UsedBy="1680" Hidden="-1" Size="38400" Attr="rsAh" CreateDate="4/7/2007 9:28:13 PM" ChageDate="3/22/2006 8:10:18 PM" MD5="D9CBE3BD7A91FB6731F343C003C3D52D" /> <ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" UsedBy="1680" Hidden="-1" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" /> <ITEM File="C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp463.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Hewlett-Packard Corp. 1997-2002" UsedBy="1680" Hidden="-1" Size="74240" Attr="rsAh" CreateDate="4/7/2007 9:28:16 PM" ChageDate="3/22/2006 8:08:20 PM" MD5="64EEC29F36B3046E6BF43C81FA598E03" /> <ITEM File="C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Hewlett-Packard Corp. 1997-2002" UsedBy="1680" Hidden="-1" Size="76288" Attr="rsAh" CreateDate="4/7/2007 6:55:23 PM" ChageDate="6/3/2006 8:29:06 PM" MD5="9B8DDEEDB31EDD8042D3B337B47D0409" /> <ITEM File="c:\windows\system32\wiaservc.dll" CheckResult="-1" Descr="Still Image Devices Service" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3000" Hidden="-1" Size="333824" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="12/19/2006 1:16:47 PM" MD5="B6763F8534AC547CF1AF98AFDFF2EDC8" /> <ITEM File="c:\windows\system32\shsvcs.dll" CheckResult="-1" Descr="Windows Shell Services Dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112,792" Hidden="-1" Size="134656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="12/19/2006 4:52:18 PM" MD5="6815DEF9B810AEFAC107EEAF72DA6F82" /> <ITEM File="c:\windows\system32\dhcpcsvc.dll" CheckResult="-1" Descr="DHCP Client Service" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="111616" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/19/2006 7:59:41 AM" MD5="EF545E1A4B043DA4C84E230DD471C55F" /> <ITEM File="c:\windows\system32\ESENT.dll" CheckResult="-1" Descr="Server Database Storage Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="1082368" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/20/2005 5:20:03 PM" MD5="50DE118DA580208B914B40DD47C90D52" /> <ITEM File="c:\windows\system32\wkssvc.dll" CheckResult="-1" Descr="Workstation Service DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="132096" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/17/2006 7:28:27 AM" MD5="3CD291A2C4909088B3D1E98DED73D4B2" /> <ITEM File="C:\windows\system32\wuaueng.dll" CheckResult="-1" Descr="Windows Update Agent" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="1712984" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:42 PM" MD5="3EEC20E41F5F331B94002970CEAEC92F" /> <ITEM File="C:\WINDOWS\system32\MTXCLU.DLL" CheckResult="-1" Descr="MS DTC amd MTS clustering support DLL" LegalCopyright="Copyright © Microsoft Corp. 1995-1998" UsedBy="1112" Hidden="-1" Size="66560" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/1/2006 2:42:42 PM" MD5="16A389D6DED58BA583694F825A1821A2" /> <ITEM File="C:\windows\System32\rasmans.dll" CheckResult="-1" Descr="Remote Access Connection Manager" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="181248" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/14/2006 3:44:08 AM" MD5="D4BD2EEAB07FEF323F0A0CEECC954F51" /> <ITEM File="C:\WINDOWS\system32\wups2.dll" CheckResult="-1" Descr="Windows Update client proxy stub 2" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="43352" Attr="rsAh" CreateDate="5/26/2005 6:16:30 AM" ChageDate="7/30/2007 6:19:12 PM" MD5="CEB1BD87FBCB5984BDF7DC0991A060B5" /> <ITEM File="c:\windows\system32\webclnt.dll" CheckResult="-1" Descr="Web DAV Service DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1304" Hidden="-1" Size="68096" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="1/3/2006 10:35:05 PM" MD5="265F534EF76832435AFBF771EC97176D" /> <ITEM File="c:\windows\system32\upnphost.dll" CheckResult="-1" Descr="UPnP Device Host" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1304" Hidden="-1" Size="185344" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="2/5/2007 3:17:02 PM" MD5="ACA5D98663D879C6BAAFCEA7E2F1B710" /> <ITEM File="C:\Program Files\AOL 9.0b\waol.dll" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="7A039521B550697ECEC12F3A8688672A" /> <ITEM File="C:\Program Files\AOL 9.0b\supersub.dll" CheckResult="-1" Descr="SuperSub" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="454656" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="5DCE7F8D6AB93F4FC798EB9EB133F10D" /> <ITEM File="C:\Program Files\AOL 9.0b\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:08 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="BF9D64E0ECD591BC1B38BD335156B66F" /> <ITEM File="C:\Program Files\AOL 9.0b\coolcore46.dll" CheckResult="-1" Descr="COOL Core Component Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="749568" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="2522A70E4818281C27C9BD1952C376A1" /> <ITEM File="C:\Program Files\AOL 9.0b\comm.dll" CheckResult="-1" Descr="Comm" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="245760" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="AABE0FDB863D088AD3A3751C8D40E2C6" /> <ITEM File="C:\Program Files\AOL 9.0b\manager.dll" CheckResult="-1" Descr="Display Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="901120" Attr="rsAh" CreateDate="4/18/2007 1:49:02 AM" ChageDate="9/14/2007 11:50:58 AM" MD5="A2BC762A42DC8A4BCE27CE3EA5ACF97B" /> <ITEM File="C:\Program Files\AOL 9.0b\SYNCCORE.dll" CheckResult="-1" Descr="SYNCCORE.DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="22528" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="56501D3BE21525DB985700CD0FDE0414" /> <ITEM File="C:\Program Files\AOL 9.0b\ProxyMgr.dll" CheckResult="-1" Descr="ProxyMgr DLL" LegalCopyright="Copyright ¬ 1999 - 2003" UsedBy="1436" Hidden="-1" Size="114688" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="465B58B8EE6BABDDEA6EB082B3E62ACC" /> <ITEM File="C:\Program Files\AOL 9.0b\APPDATA.dll" CheckResult="-1" Descr="AppData" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="11264" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="FD7B588D956F07BF3EAF22D84C061296" /> <ITEM File="C:\Program Files\AOL 9.0b\acfBase.DLL" CheckResult="-1" Descr="acf Module" LegalCopyright="Copyright 2001" UsedBy="1436" Hidden="-1" Size="41472" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="959141849AFD2F062DDA9BD64C3CBD54" /> <ITEM File="C:\Program Files\AOL 9.0b\resource.dll" CheckResult="-1" Descr="RESOURCE Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="2703360" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="6F20433C6889F1909A930474D6CB9515" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct" CheckResult="-1" Descr="Imfdecode Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="421888" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="5A67C2F49A59FFAE8FEA0F719C7B9F99" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\coretool.rct" CheckResult="-1" Descr="Coretool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="401408" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="713A0F8C867BEEB435EFEF0FA9C7E49E" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\mip.tol" CheckResult="-1" Descr="MIP Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="315392" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="A9D4A63B1EA63D557DD6FAFD1BD0FFF9" /> <ITEM File="C:\Program Files\AOL 9.0b\ABOOK.dll" CheckResult="-1" Descr="ABook Library" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="380928" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="FAD65A905B609722AC0704313C0849D7" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\rich.rct" CheckResult="-1" Descr="Rich Text Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="434176" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="9E0C34DA3F3265F846ABA1DBCFA0EE98" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\actvx.rct" CheckResult="-1" Descr="ActiveX" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="167936" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\sec.cct" CheckResult="-1" Descr="Security Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="600FBBE776FDA52A57F550057E23163F" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\chat.tol" CheckResult="-1" Descr="Chat Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="3B35DEE5F1A44CAE9F0097005435EA0A" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\htmlview.tol" CheckResult="-1" Descr="Managed By Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="352256" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\www.tol" CheckResult="-1" Descr="WWW" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="D54B93C40FD04039D66230BE054A4D45" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\lvi.tol" CheckResult="-1" Descr="LVI Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="77824" Attr="rsAh" CreateDate="10/2/2007 7:53:03 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="81C9940357741049320B8EC79EC13AA3" /> <ITEM File="C:\Program Files\AOL 9.0b\COOLAPI.dll" CheckResult="-1" Descr="Cool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="196608" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="E754F58B4D61202C823DF0D61B5691A0" /> <ITEM File="C:\Program Files\AOL 9.0b\idleproc.dll" CheckResult="-1" Descr="IDLEPROC DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="6144" Attr="rsAh" CreateDate="4/18/2007 1:49:01 AM" ChageDate="4/18/2007 1:49:01 AM" MD5="180D0E0733DB9BB7EBC3C0675A055E32" /> <ITEM File="C:\Program Files\AOL 9.0b\TOOL\talk.tol" CheckResult="-1" Descr="Talk Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="10/2/2007 7:53:02 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="F6ACE72ED4960BB0DE3E81DA2EC1C2A6" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player for Internet Explorer" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="254022" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:18 AM" MD5="" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player Component Manager" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="213062" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:19 AM" MD5="CB92EBF6A404E9CFCE1C226BB0D86AFF" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll" CheckResult="-1" Descr="Viewpoint Media Player Scene Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="1282120" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="6/15/2007 11:27:15 AM" MD5="18AE6C06D816E187DBF73C88A6358FF5" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll" CheckResult="-1" Descr="Viewpoint Media Player AOLUserShell" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="413746" Attr="rsAh" CreateDate="7/7/2005 5:26:33 PM" ChageDate="2/20/2004 2:57:31 PM" MD5="930D959F612AA545DEF48CA94616E5D8" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll" CheckResult="-1" Descr="Viewpoint Media Player Rasterizer Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="528430" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:02:25 PM" MD5="3BADDC0379DC2E57F654E900F403D5AE" /> <ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll" CheckResult="-1" Descr="Viewpoint Media Player SWFView Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="659501" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:08:01 PM" MD5="20085B5B8BC179425ED29DCE0C5DD6DD" /> <ITEM File="C:\windows\system32\jgpl400.dll" CheckResult="-1" Descr="JG ART Player DLL" LegalCopyright="©1996 AOL/Johnson-Grace Company" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="BBB92EFC61A2D867EB21CE24FC1BB5CA" /> <ITEM File="C:\windows\system32\jgdw400.dll" CheckResult="-1" Descr="JG ART DLL" LegalCopyright="Copyright © 1997 America Online, Inc." UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="07F5D42EA81FC1A8A2F59D5104714546" /> <ITEM File="C:\WINDOWS\system32\mshtml.dll" CheckResult="-1" Descr="Microsoft ® HTML Viewer" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="3590656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/30/2007 6:42:28 PM" MD5="8AB7ECF59D6EBBE986277B65ED4A40A1" /> <ITEM File="C:\WINDOWS\system32\msls31.dll" CheckResult="-1" Descr="Microsoft Line Services library file" LegalCopyright="Copyright © Microsoft Corp. 1996-1999" UsedBy="1436" Hidden="-1" Size="156160" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="11/7/2006 9:03:36 PM" MD5="2D15E1C7CD0BC1A9B7F9660E39A0CE3E" /> <ITEM File="C:\WINDOWS\system32\mshtmled.dll" CheckResult="-1" Descr="Microsoft® HTML Editing Component" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="478208" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:58 PM" MD5="67AEC681AE6131BA00119FB1C9C6C83C" /> <ITEM File="C:\WINDOWS\system32\Dxtrans.dll" CheckResult="-1" Descr="DirectX Media -- DirectX Transform Core" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="214528" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="" /> <ITEM File="C:\WINDOWS\system32\Dxtmsft.dll" CheckResult="-1" Descr="DirectX Media -- Image DirectX Transforms" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="346624" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/17/2006 11:58:06 AM" MD5="" /> <ITEM File="C:\windows\system32\wmpmde.dll" CheckResult="-1" Descr="WMPMDE DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="613376" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="3B8CFDA90EFAA65901ECC2EDCAD4D1EF" /> <ITEM File="C:\windows\system32\MFPlat.DLL" CheckResult="-1" Descr="Media Foundation Platform DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="212992" Attr="rsah" CreateDate="10/18/2006 8:47:14 PM" ChageDate="10/18/2006 8:47:14 PM" MD5="55C30168142479C602BD456AC4E230B0" /> <ITEM File="C:\WINDOWS\system32\wmp.dll" CheckResult="-1" Descr="Windows Media Player" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="10834944" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/11/2007 10:51:12 PM" MD5="22A252B03462457AF8D1A22EC64AADBF" /> <ITEM File="C:\WINDOWS\system32\wmploc.dll" CheckResult="-1" Descr="Windows Media Player Resources" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="8231936" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/18/2006 8:47:20 PM" MD5="E8885A533A3D46209851433E3B9B3BC4" /> <ITEM File="C:\WINDOWS\system32\wmpps.dll" CheckResult="-1" Descr="Windows Media Player Proxy Stub Dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="130048" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="5CCB54A9CF8FC5E3251374E0DC9C45BB" /> <ITEM File="C:\Program Files\Windows Media Player\wmpnssci.dll" CheckResult="-1" Descr="Windows Media Player Network Sharing Service Control Interface DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2676" Hidden="-1" Size="198144" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="E9A73E376B26D5243F7A418A0C548929" /> </DLL> - <KERNELOBJ> <ITEM File="C:\windows\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="F45AB000" MemSize="018000" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="F7B2C000" MemSize="002000" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\system32\Drivers\fltMgr.sys" CheckResult="-1" Base="F7445000" MemSize="020000" Descr="Microsoft Filesystem Filter Manager" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="128896" Attr="rsAh" CreateDate="6/14/2005 7:33:11 PM" ChageDate="8/21/2006 4:14:58 AM" MD5="3D234FB6D6EE875EB009864A299BEA29" /> <ITEM File="C:\windows\System32\Drivers\HTTP.sys" CheckResult="-1" Base="BA1D2000" MemSize="041000" Descr="HTTP Protocol Stack" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="262784" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/16/2006 7:33:10 PM" MD5="CB77BB47E67E84DEB17BA29632501730" /> <ITEM File="C:\windows\system32\drivers\kmixer.sys" CheckResult="-1" Base="B7B78000" MemSize="02B000" Descr="Kernel Mode Audio Mixer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="172416" Attr="rsAh" CreateDate="6/15/2005 10:39:54 AM" ChageDate="6/14/2006 3:47:45 AM" MD5="BA5DEDA4D934E6288C2F66CAF58D2562" /> <ITEM File="C:\windows\system32\drivers\mfeavfk.sys" CheckResult="-1" Base="BA308000" MemSize="010000" Descr="Anti-Virus File System Filter Driver" LegalCopyright="Copyright© 1995-2006 McAfee, Inc. All Rights Reserved." Size="71496" Attr="rsAh" CreateDate="12/7/2007 2:14:30 AM" ChageDate="6/25/2007 2:54:44 PM" MD5="452321943976F1EC781E738ECC4C20C6" /> <ITEM File="C:\windows\system32\drivers\mfebopk.sys" CheckResult="-1" Base="F78EC000" MemSize="007000" Descr="Buffer Overflow Protection Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" /> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" CheckResult="-1" Base="B9D0C000" MemSize="029000" Descr="Host Intrusion Detection Link Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" /> <ITEM File="C:\windows\system32\drivers\mfesmfk.sys" CheckResult="-1" Base="F78DC000" MemSize="008000" Descr="System Monitor Filter Driver" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" /> <ITEM File="C:\windows\System32\Drivers\Mpfp.sys" CheckResult="-1" Base="F47DB000" MemSize="023000" Descr="McAfee Personal Firewall Plus Driver" LegalCopyright="Copyright © 2005 McAfee, Inc. All rights reserved." Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" /> <ITEM File="C:\windows\system32\DRIVERS\mrxsmb.sys" CheckResult="-1" Base="F462F000" MemSize="06F000" Descr="Windows NT SMB Minirdr" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="453120" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:41:45 AM" MD5="025AF03CE51645C62F3B6907A7E2BE5E" /> <ITEM File="C:\windows\system32\Drivers\Ntfs.sys" CheckResult="-1" Base="F738F000" MemSize="08D000" Descr="NT File System Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="574464" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="2/9/2007 6:10:35 AM" MD5="19A811EF5F1ED5C926A028CE107FF1AF" /> <ITEM File="C:\windows\system32\ntkrnlpa.exe" CheckResult="-1" Base="804D7000" MemSize="1F6580" Descr="NT Kernel @amp; System" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="2057600" Attr="rsAh" CreateDate="8/3/2004 5:59:00 PM" ChageDate="2/28/2007 3:38:55 AM" MD5="515D30E2C90A3665A2739309334C9283" /> <ITEM File="C:\windows\system32\drivers\nvapu.sys" CheckResult="-1" Base="F6B81000" MemSize="066000" Descr="NVIDIA® nForce Audio Driver" LegalCopyright="Copyright© 2000-2005 NVIDIA Corporation" Size="415360" Attr="rsAh" CreateDate="6/15/2005 10:39:24 AM" ChageDate="7/26/2005 7:01:56 AM" MD5="6D6FD2B7035D415621ACAF1E555C8B90" /> <ITEM File="C:\windows\system32\drivers\nvarm.sys" CheckResult="-1" Base="F6A6A000" MemSize="011000" Descr="NVIDIA® nForce APU Resource Manager" LegalCopyright="Copyright© 2000-2005 NVIDIA Corporation" Size="66688" Attr="rsAh" CreateDate="6/15/2005 10:39:23 AM" ChageDate="7/26/2005 7:02:36 AM" MD5="6A4EF48A64C67230B9B1C8ECBF52948C" /> <ITEM File="C:\windows\system32\drivers\nvax.sys" CheckResult="-1" Base="F783C000" MemSize="00E000" Descr="NVIDIA® nForce MCP Audio Enumerator" LegalCopyright="Copyright© 2000-2005 NVIDIA Corporation" Size="53376" Attr="rsAh" CreateDate="6/15/2005 10:39:23 AM" ChageDate="7/26/2005 6:58:30 AM" MD5="F3D3015E52F2732042197D4EDCAAC2CB" /> <ITEM File="C:\windows\system32\DRIVERS\NVENETFD.sys" CheckResult="-1" Base="F777C000" MemSize="009000" Descr="NVIDIA Networking Function Driver." LegalCopyright="Copyright © 2001-2003 NVIDIA Corporation" Size="33408" Attr="RsAh" CreateDate="6/15/2005 10:39:04 AM" ChageDate="11/24/2004 4:42:46 AM" MD5="812F45DA883BDB87C5960B25295A7E9C" /> <ITEM File="C:\windows\system32\drivers\nvmcp.sys" CheckResult="-1" Base="F6A7B000" MemSize="0E2000" Descr="NVIDIA® nForce MCP APU Audio Library" LegalCopyright="Copyright© 2000-2005 NVIDIA Corporation" Size="923520" Attr="rsAh" CreateDate="6/15/2005 10:39:23 AM" ChageDate="7/26/2005 7:02:38 AM" MD5="AEE0876E55D888D84507C521F452260B" /> <ITEM File="C:\windows\system32\DRIVERS\nvnetbus.sys" CheckResult="-1" Base="F7AB8000" MemSize="004000" Descr="NVIDIA Networking Bus Driver." LegalCopyright="Copyright © 2001-2003 NVIDIA Corporation" Size="12928" Attr="RsAh" CreateDate="6/15/2005 10:39:02 AM" ChageDate="11/24/2004 4:42:48 AM" MD5="507B332B431392ED37C23B7CFB66DCF7" /> <ITEM File="C:\windows\system32\DRIVERS\NVNRM.SYS" CheckResult="-1" Base="F71A7000" MemSize="044000" Descr="NVIDIA Network Resource Manager." LegalCopyright="Copyright © 2001-2003 NVIDIA Corporation" Size="275584" Attr="RsAh" CreateDate="6/15/2005 10:39:02 AM" ChageDate="11/24/2004 4:42:22 AM" MD5="1DB63A3126303185256F7350EB8A50C9" /> <ITEM File="C:\windows\system32\DRIVERS\NVSNPU.SYS" CheckResult="-1" Base="F7174000" MemSize="033000" Descr="NVIDIA Networking Soft-NPU Driver." LegalCopyright="Copyright © 2001-2003 NVIDIA Corporation" Size="208256" Attr="RsAh" CreateDate="6/15/2005 10:39:03 AM" ChageDate="11/24/2004 4:42:06 AM" MD5="2A2428E9AC19D75670E8964CD070C900" /> <ITEM File="C:\windows\system32\DRIVERS\rdbss.sys" CheckResult="-1" Base="F46C6000" MemSize="02B000" Descr="Redirected Drive Buffering SubSystem Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="174592" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:47:57 AM" MD5="03B965B1CA47F6EF60EB5E51CB50E0AF" /> <ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" CheckResult="-1" Base="F78C4000" MemSize="005000" Descr="" LegalCopyright="" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" /> <ITEM File="C:\windows\system32\DRIVERS\srv.sys" CheckResult="-1" Base="BA0B8000" MemSize="052000" Descr="Server driver" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="332928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/14/2006 5:34:41 AM" MD5="EA554A3FFC3F536FE8320EB38F5E4843" /> <ITEM File="C:\windows\system32\DRIVERS\wanatw4.sys" CheckResult="-1" Base="F7934000" MemSize="006000" Descr="Wan Miniport (ATW)" LegalCopyright="Copyright © 2001-2002 America Online, Inc." Size="33588" Attr="RsAh" CreateDate="1/10/2003 4:13:04 PM" ChageDate="1/10/2003 4:13:04 PM" MD5="0A716C08CB13C3A8F4F51E882DBF7416" /> <ITEM File="C:\windows\system32\drivers\wdmaud.sys" CheckResult="-1" Base="B9D83000" MemSize="015000" Descr="MMSYSTEM Wave/Midi API mapper" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="82944" Attr="rsAh" CreateDate="6/15/2005 10:40:03 AM" ChageDate="6/14/2006 4:00:45 AM" MD5="EFD235CA22B57C81118C1AEB4798F1C1" /> <ITEM File="C:\windows\System32\win32k.sys" CheckResult="-1" Base="BF800000" MemSize="1C3000" Descr="Multi-User Win32 Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1843584" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/8/2007 8:47:48 AM" MD5="5B5AD4F40BE00F56F51F286BE72C0376" /> <ITEM File="C:\windows\system32\DRIVERS\WniHdd51.sys" CheckResult="-1" Base="F71EB000" MemSize="0CE000" Descr="Airgo Networks True MIMO Wireless Adapter" LegalCopyright="Copyright © Airgo Networks, Inc.,2004" Size="840192" Attr="rsAh" CreateDate="1/29/2006 4:11:15 PM" ChageDate="4/18/2005 4:47:00 PM" MD5="67B2F1BDE076EC780394C8F0EC6888B8" /> </KERNELOBJ> - <Service> <ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Name="AOL ACS" CheckResult="-1" Type="272" State="4" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" /> <ITEM File="C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" Name="McAfee HackerWatch Service" CheckResult="-1" Type="16" State="4" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Name="mcmscsvc" CheckResult="-1" Type="16" State="4" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" Name="McNASvc" CheckResult="-1" Type="16" State="4" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Name="McODS" CheckResult="-1" Type="16" State="4" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Name="mcpromgr" CheckResult="-1" Type="16" State="4" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Name="McProxy" CheckResult="-1" Type="16" State="4" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" /> <ITEM File="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Name="McRedirector" CheckResult="-1" Type="16" State="4" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Name="McShield" CheckResult="-1" Type="16" State="4" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" /> <ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Name="McSysmon" CheckResult="-1" Type="16" State="4" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" /> <ITEM File="C:\Program Files\McAfee\MPF\MPFSrv.exe" Name="MpfService" CheckResult="-1" Type="16" State="4" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" /> <ITEM File="C:\PROGRA~1\McAfee\MPS\mps.exe" Name="MPS9" CheckResult="-1" Type="16" State="4" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" /> <ITEM File="C:\Program Files\SPYWAREfighter\spfprc.exe" Name="SPYWAREfighterRP" CheckResult="-1" Type="272" State="4" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" /> <ITEM File="C:\Program Files\Windows Media Player\WMPNetwk.exe" Name="WMPNetworkSvc" CheckResult="-1" Type="16" State="4" Size="913408" Attr="rsah" CreateDate="10/18/2006 7:05:24 PM" ChageDate="10/18/2006 7:05:24 PM" MD5="F74E3D9A7FA9556C3BBB14D4E5E63D3B" /> <ITEM File="C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Name="Adobe LM Service" CheckResult="-1" Type="16" State="1" Size="72704" Attr="rsAh" CreateDate="8/17/2005 8:18:22 PM" ChageDate="8/17/2005 8:18:22 PM" MD5="8B46D5A1D3EF08232C04D0EAFB871FB2" /> <ITEM File="C:\WINDOWS\system32\ati2sgag.exe" Name="ATI Smart" CheckResult="-1" Type="272" State="1" Size="516096" Attr="rsah" CreateDate="6/15/2005 10:44:41 AM" ChageDate="3/22/2005 11:05:00 PM" MD5="E08F67A80BF2FA7DF80F99F1E771EF3E" /> <ITEM File="C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe" Name="Emproxy" CheckResult="-1" Type="16" State="1" Size="341328" Attr="rsAh" CreateDate="12/7/2007 2:14:28 AM" ChageDate="10/5/2007 5:33:26 PM" MD5="A75FF052CC5682A197DD5CD4E89C218A" /> <ITEM File="iPod Service.sys" Name="iPod Service" CheckResult="-1" Type="16" State="1" /> <ITEM File="C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" Name="mcmispupdmgr" CheckResult="-1" Type="272" State="1" Size="689752" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:22:18 PM" MD5="993582EC1CF765206CF9D4D5CA22589F" /> </Service> - <Drivers> <ITEM File="C:\windows\system32\DRIVERS\WniHdd51.sys" Name="Airgo" CheckResult="-1" Type="1" State="4" Size="840192" Attr="rsAh" CreateDate="1/29/2006 4:11:15 PM" ChageDate="4/18/2005 4:47:00 PM" MD5="67B2F1BDE076EC780394C8F0EC6888B8" /> <ITEM File="C:\windows\system32\DRIVERS\fltMgr.sys" Name="FltMgr" CheckResult="-1" Type="2" State="4" Size="128896" Attr="rsAh" CreateDate="6/14/2005 7:33:11 PM" ChageDate="8/21/2006 4:14:58 AM" MD5="3D234FB6D6EE875EB009864A299BEA29" /> <ITEM File="C:\windows\system32\Drivers\HTTP.sys" Name="HTTP" CheckResult="-1" Type="1" State="4" Size="262784" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/16/2006 7:33:10 PM" MD5="CB77BB47E67E84DEB17BA29632501730" /> <ITEM File="C:\windows\system32\drivers\kmixer.sys" Name="kmixer" CheckResult="-1" Type="1" State="4" Size="172416" Attr="rsAh" CreateDate="6/15/2005 10:39:54 AM" ChageDate="6/14/2006 3:47:45 AM" MD5="BA5DEDA4D934E6288C2F66CAF58D2562" /> <ITEM File="C:\windows\system32\drivers\mfeavfk.sys" Name="mfeavfk" CheckResult="-1" Type="1" State="4" Size="71496" Attr="rsAh" CreateDate="12/7/2007 2:14:30 AM" ChageDate="6/25/2007 2:54:44 PM" MD5="452321943976F1EC781E738ECC4C20C6" /> <ITEM File="C:\windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="4" Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" /> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" /> <ITEM File="C:\windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="4" Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" /> <ITEM File="C:\windows\system32\Drivers\Mpfp.sys" Name="MPFP" CheckResult="-1" Type="1" State="4" Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" /> <ITEM File="C:\windows\system32\DRIVERS\mrxsmb.sys" Name="MRxSmb" CheckResult="-1" Type="2" State="4" Size="453120" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:41:45 AM" MD5="025AF03CE51645C62F3B6907A7E2BE5E" /> <ITEM File="C:\windows\system32\Drivers\Ntfs.sys" Name="Ntfs" CheckResult="-1" Type="2" State="4" Size="574464" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="2/9/2007 6:10:35 AM" MD5="19A811EF5F1ED5C926A028CE107FF1AF" /> <ITEM File="C:\windows\system32\drivers\nvax.sys" Name="nvax" CheckResult="-1" Type="1" State="4" Size="53376" Attr="rsAh" CreateDate="6/15/2005 10:39:23 AM" ChageDate="7/26/2005 6:58:30 AM" MD5="F3D3015E52F2732042197D4EDCAAC2CB" /> <ITEM File="C:\windows\system32\DRIVERS\NVENETFD.sys" Name="NVENETFD" CheckResult="-1" Type="1" State="4" Size="33408" Attr="RsAh" CreateDate="6/15/2005 10:39:04 AM" ChageDate="11/24/2004 4:42:46 AM" MD5="812F45DA883BDB87C5960B25295A7E9C" /> <ITEM File="C:\windows\system32\DRIVERS\nvnetbus.sys" Name="nvnetbus" CheckResult="-1" Type="1" State="4" Size="12928" Attr="RsAh" CreateDate="6/15/2005 10:39:02 AM" ChageDate="11/24/2004 4:42:48 AM" MD5="507B332B431392ED37C23B7CFB66DCF7" /> <ITEM File="C:\windows\system32\drivers\nvapu.sys" Name="nvnforce" CheckResult="-1" Type="1" State="4" Size="415360" Attr="rsAh" CreateDate="6/15/2005 10:39:24 AM" ChageDate="7/26/2005 7:01:56 AM" MD5="6D6FD2B7035D415621ACAF1E555C8B90" /> <ITEM File="C:\windows\system32\DRIVERS\rdbss.sys" Name="Rdbss" CheckResult="-1" Type="2" State="4" Size="174592" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:47:57 AM" MD5="03B965B1CA47F6EF60EB5E51CB50E0AF" /> <ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" Name="SpyFighter" CheckResult="-1" Type="1" State="4" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" /> <ITEM File="C:\windows\system32\DRIVERS\srv.sys" Name="Srv" CheckResult="-1" Type="2" State="4" Size="332928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/14/2006 5:34:41 AM" MD5="EA554A3FFC3F536FE8320EB38F5E4843" /> <ITEM File="C:\windows\system32\DRIVERS\wanatw4.sys" Name="wanatw" CheckResult="-1" Type="1" State="4" Size="33588" Attr="RsAh" CreateDate="1/10/2003 4:13:04 PM" ChageDate="1/10/2003 4:13:04 PM" MD5="0A716C08CB13C3A8F4F51E882DBF7416" /> <ITEM File="C:\windows\system32\drivers\wdmaud.sys" Name="wdmaud" CheckResult="-1" Type="1" State="4" Size="82944" Attr="rsAh" CreateDate="6/15/2005 10:40:03 AM" ChageDate="6/14/2006 4:00:45 AM" MD5="EFD235CA22B57C81118C1AEB4798F1C1" /> <ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" /> <ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" /> <ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\drivers\aec.sys" Name="aec" CheckResult="-1" Type="1" State="1" Size="142464" Attr="rsAh" CreateDate="6/15/2005 10:39:55 AM" ChageDate="2/14/2006 7:22:26 PM" MD5="1EE7B434BA961EF845DE136224C30FEC" /> <ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" /> <ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" /> <ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" /> <ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" /> <ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" /> <ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" /> <ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" /> <ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" /> <ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" /> <ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" /> <ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" /> <ITEM File="D:\Fxdrv.sys" Name="FXDRV" CheckResult="-1" Type="1" State="1" /> <ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" /> <ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" /> <ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" /> <ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" /> <ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="32008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:24 AM" MD5="4472CC5A38FB106751CB81883AE714D3" /> <ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\DRIVERS\OmniUsb.sys" Name="OmniUsb" CheckResult="-1" Type="1" State="1" Size="28800" Attr="RsAh" CreateDate="1/5/2007 4:21:23 PM" ChageDate="9/22/2005 1:22:18 AM" MD5="E6622491F114B8C9CB179011D300C009" /> <ITEM File="C:\windows\system32\DRIVERS\OmniUsbl.sys" Name="OmniUsbl" CheckResult="-1" Type="1" State="1" Size="9696" Attr="RsAh" CreateDate="1/5/2007 4:21:23 PM" ChageDate="9/22/2005 1:22:18 AM" MD5="A20310E06FB9A26753979220FD50382C" /> <ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" /> <ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" /> <ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" /> <ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" /> <ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" /> <ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\Drivers\RDPWD.sys" Name="RDPWD" CheckResult="-1" Type="1" State="1" Size="139528" Attr="rsAh" CreateDate="6/14/2005 7:31:45 PM" ChageDate="6/9/2005 11:09:46 PM" MD5="B54CD38A9EBFBF2B3561426E3FE26F62" /> <ITEM File="C:\windows\system32\DRIVERS\secdrv.sys" Name="Secdrv" CheckResult="-1" Type="1" State="1" Size="20480" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="11/13/2007 5:25:53 AM" MD5="90A3935D05B494A5A39D37E71F09A677" /> <ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" /> <ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\drivers\splitter.sys" Name="splitter" CheckResult="-1" Type="1" State="1" Size="6400" Attr="rsAh" CreateDate="6/15/2005 10:40:04 AM" ChageDate="6/14/2006 3:47:46 AM" MD5="0CE218578FFF5F4F7E4201539C45C78F" /> <ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" /> <ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" /> <ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" /> <ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" /> <ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" /> <ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" /> <ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" /> <ITEM File="C:\windows\system32\DRIVERS\WudfPf.sys" Name="WudfPf" CheckResult="-1" Type="1" State="1" Size="77568" Attr="rsah" CreateDate="9/28/2006 5:55:50 PM" ChageDate="9/28/2006 5:55:50 PM" MD5="F15FEAFFFBB3644CCC80C5DA584E6311" /> </Drivers> - <AUTORUN> <ITEM File="C:\Program Files\AOL 9.0b\AOL.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="50736" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="8FC6A73DCBC27F310AB4CD9998AB8F17" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AOL Fast Start" /> <ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="hpqSRMon" /> <ITEM File="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="131072" Attr="rsAh" CreateDate="6/15/2005 10:39:44 AM" ChageDate="10/7/2004 7:53:06 PM" MD5="9A41CD3BEF74884C2C9E1269B8A6A566" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="NVMixerTray" /> <ITEM File="C:\Program Files\SPYWAREfighter\spftray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="spywarefighterguard" /> <ITEM File="C:\Program Files\Windows Media Player\WMPNSCFG.exe" CheckResult="-1" Enabled="1" Type="REG" Size="204288" Attr="rsah" CreateDate="10/18/2006 7:05:26 PM" ChageDate="10/18/2006 7:05:26 PM" MD5="7EAED08CCCA4DDDE61A388C82598CFA9" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="WMPNSCFG" /> <ITEM File="C:\WINDOWS\system32\WPDShServiceObj.dll" CheckResult="-1" Enabled="1" Type="REG" Size="133632" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="045E228F71C31901084B64BE59093499" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="WPDShServiceObj" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" Type="REG" Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="WebCheck" /> <ITEM File="C:\windows\system32\SHELL32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="PostBootReminder" /> <ITEM File="C:\windows\system32\SHELL32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="CDBurn" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" Type="REG" Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" X3="{438755C2-A8BA-11D1-B96B-00A0C90312E1}" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" Type="REG" Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" X3="{8C7461EF-2B13-11d2-BE35-3078302C2030}" /> <ITEM File="C:\windows\system32\dfrg.msc %c:" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath" X3="" /> <ITEM File="C:\windows\system32\iedkcs32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}" X3="DLLName" /> <ITEM File="C:\windows\system32\iedkcs32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}" X3="DLLName" /> <ITEM File="C:\windows\system32\schannel.dll" CheckResult="-1" Enabled="-1" Type="REG" Size="144896" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="4/25/2007 9:21:15 AM" MD5="532EA80E9F5452928F8426653215BE29" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Control\SecurityProviders" X3="SecurityProviders" /> <ITEM File="C:\windows\system32\shell32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" X3="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" /> <ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" /> <ITEM File="autocheck autochk *lsdelete" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager" X3="BootExecute" /> </AUTORUN> - <BHO> <ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" Descr="" LegalCopyright="" /> <ITEM File="C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{6548BF73-58FF-71D5-F97D-17C71E323709}" Descr="IntelligentAdvisor" LegalCopyright="©" Size="1019904" Attr="rsAh" CreateDate="12/11/2007 4:27:08 PM" ChageDate="12/11/2007 4:27:08 PM" MD5="EB37DA8025116FC1A2DDD2F93B700C5A" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="CmdMapping" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" /> <ITEM File="C:\windows\Network Diagnostic\xpnetdiag.exe" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{e2e2dd38-d088-4134-82b7-f2ba38496583}" Descr="Network Diagnostic for Windows XP" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="557568" Attr="rsah" CreateDate="12/9/2006 7:39:17 AM" ChageDate="10/10/2006 7:44:50 AM" MD5="CEBED017C4965FC4407CCD986AE0A528" /> <ITEM File="C:\Program Files\Messenger\MSMSGS.EXE" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{FB5F1910-F110-11d2-BB9E-00C04F795683}" Descr="Messenger" LegalCopyright="Copyright © Microsoft Corporation 1997-2003" Size="1498032" Attr="rsAh" CreateDate="4/14/2003 8:05:20 PM" ChageDate="4/14/2003 8:05:20 PM" MD5="F5C2F0308D0AA91457059EC7227A06F7" /> </BHO> - <ExplorerExt> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Set Program Access and Defaults" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\WINDOWS\system32\wuaucpl.cpl" CheckResult="-1" Enabled="1" ExtName="Auto Update Property Sheet Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" Descr="Automatic Updates Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="216408" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:28 PM" MD5="D7FA9A9750403CC68DC209CDE7C50D7A" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Search" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Help and Support" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Help and Support" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Run..." RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Internet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="E-mail" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Fonts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{D20EA4E1-3957-11d2-A40B-0C5020524152}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Administrative Tools" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{D20EA4E1-3957-11d2-A40B-0C5020524153}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Internet Toolbar" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5E6AB780-7743-11CF-A12B-00AA004AE837}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Download Status" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{22BF0C20-6DA7-11D0-B373-00A0C9034938}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Augmented Shell Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{91EA3F8B-C99B-11d0-9815-00C04FD91972}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Augmented Shell Folder 2" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6413BA2C-B461-11d1-A18A-080036B11A03}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="BandProxy" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F61FFEC1-754F-11d0-80CA-00AA005B4383}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft BrowserBand" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7BA4C742-9E81-11CF-99D3-00AA004AE837}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Search Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{30D02401-6A81-11d0-8274-00C04FD5AE38}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="In-pane search" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Web Search" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{07798131-AF23-11d1-9111-00A0C98BA67D}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Registry Tree Options Utility" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{AF4F6510-F982-11d0-8595-00AA004CD6D8}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="@amp;Address" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{01E04581-4EEE-11d0-BFE9-00AA005B4383}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Address EditBox" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{A08C11D2-A228-11d0-825B-00AA005B4383}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft AutoComplete" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00BB2763-6A77-11D0-A535-00C04FD7D062}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="TridentImageExtractor" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7376D660-C583-11d0-A3A5-00C04FD706EC}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="MRU AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6756A641-DE71-11d0-831B-00AA005B4383}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Custom MRU AutoCompleted List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Accessible" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7e653215-fa25-46bd-a339-34a2790f3cb7}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Track Popup Bar" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{acf35015-526e-4230-9596-becbe19f0ac9}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft History AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00BB2764-6A77-11D0-A535-00C04FD7D062}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Shell Folder AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{03C036F1-A186-11D0-824A-00AA005B4383}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Multiple AutoComplete List Container" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00BB2765-6A77-11D0-A535-00C04FD7D062}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Shell Band Site Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Shell DeskBarApp" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Shell DeskBar" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Shell Rebar BandSite" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Global Folder Settings" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Favorites Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Shell Automation Inproc Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0A89A860-D7B1-11CE-8350-444553540000}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Shell DocObject Viewer" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Browser Architecture" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="InternetShortcut" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Url History Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="History" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FF393560-C2A7-11CF-BFF4-444553540000}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Temporary Internet Files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Temporary Internet Files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Url Search Hook" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="IE4 Suite Splash Screen" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="CDF Extension Copy Hook" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="ISFBand OC" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{131A6951-7F78-11D0-A979-00C04FD705A2}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Search Assistant OC" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9461b922-3c5a-11d2-bf8b-00c04fb93661}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="The Internet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Internet Name Space" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{871C5380-42A0-1069-A2EA-08002B30309D}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Explorer Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" /> <ITEM File="C:\WINDOWS\system32\occache.dll" CheckResult="-1" Enabled="1" ExtName="ActiveX Cache Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{88C6C381-2E85-11D0-94DE-444553540000}" Descr="Object Control Viewer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="102400" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:59 PM" MD5="BFB113A5029E07C7307817A98835806D" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="WebCheck" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="Subscription Mgr" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="Subscription Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F5175861-2688-11d0-9C5E-00AA00A45957}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="WebCheckWebCrawler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{08165EA0-E946-11CF-9C87-00AA005127ED}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\windows\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="WebCheckChannelAgent" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\windows\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="TrayAgent" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="Code Download Agent" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\windows\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="ConnectionAgent" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\windows\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="PostAgent" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{D8BD2030-6FC9-11D0-864F-00AA006809D9}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" ExtName="WebCheck SyncMgr Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" Descr="Web Site Monitor" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" /> <ITEM File="rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" CheckResult="-1" Enabled="1" ExtName="Autoplay for SlideShow" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" /> <ITEM File="C:\WINDOWS\system32\extmgr.dll" CheckResult="-1" Enabled="1" ExtName="Extensions Manager Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" Descr="Extensions Manager" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="132608" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="DB300F1EDD5DB9EA6A8552867C36EC77" /> <ITEM File="C:\WINDOWS\system32\wmpshell.dll" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Burn Audio CD Context Menu Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{8DD448E6-C188-4aed-AF92-44956194EB1F}" Descr="Windows Media Player Launcher" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="99840" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/18/2006 8:47:20 PM" MD5="EC4857574F466CB8E8D7AF92D7830A56" /> <ITEM File="C:\WINDOWS\system32\wmpshell.dll" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Play as Playlist Context Menu Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" Descr="Windows Media Player Launcher" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="99840" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/18/2006 8:47:20 PM" MD5="EC4857574F466CB8E8D7AF92D7830A56" /> <ITEM File="C:\WINDOWS\system32\wmpshell.dll" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Add to Playlist Context Menu Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" Descr="Windows Media Player Launcher" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="99840" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/18/2006 8:47:20 PM" MD5="EC4857574F466CB8E8D7AF92D7830A56" /> <ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" ExtName="Shell Search Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{21569614-B795-46b1-85F4-E737A8DC09AD}" Descr="Shell Browser UI Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft BrowserBand" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Fade Task" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Menu Desk Bar" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{205D7A97-F16D-4691-86EF-F3075DCCA57D}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE AutoComplete" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3028902F-6374-48b2-8DC6-9725E775B926}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Navigation Bar" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{43886CD5-6529-41c4-A707-7B3C92C05E68}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Menu Site" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{44C76ECD-F7FA-411c-9929-1B77BA77F524}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Menu Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4B78D326-D922-44f9-AF2A-07805C2A3560}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft History AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Tracking Shell Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE IShellFolderBand" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6CF48EF8-44CD-45d2-8832-A16EA016311B}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE BandProxy" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{73CFD649-CD48-4fd8-A272-2070EA56526B}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE MRU AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE RSS Feeder Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft Shell Folder AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft Multiple AutoComplete List Container" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{B31C5FAE-961F-415b-BAF0-E697A5178B94}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Browser Architecture" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Shell Rebar BandSite" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Shell Band Site Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6EE9AAC-F76B-4947-8260-A9F136138E11}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="@amp;Links" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F2CF5485-4E02-4f68-819C-B92DE9277049}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Registry Tree Options Utility" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Custom MRU AutoCompleted List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" /> <ITEM File="C:\windows\system32\wpdshext.dll" CheckResult="-1" Enabled="1" ExtName="Portable Devices" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{35786D3C-B075-49b9-88DD-029876E11C01}" Descr="Portable Devices Shell Extension" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="2603008" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="81D2A27C916C7830743E4AFA454099F7" /> <ITEM File="C:\windows\system32\wpdshext.dll" CheckResult="-1" Enabled="1" ExtName="Portable Devices Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" Descr="Portable Devices Shell Extension" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="2603008" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="81D2A27C916C7830743E4AFA454099F7" /> <ITEM File="C:\windows\system32\Audiodev.dll" CheckResult="-1" Enabled="1" ExtName="Portable Media Devices" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{640167b4-59b0-47a6-b335-a6b3c0695aea}" Descr="Portable Media Devices Shell Extension" LegalCopyright="Copyright © Microsoft Corporation. All rights reserved." Size="276992" Attr="rsah" CreateDate="9/22/2004 5:45:36 PM" ChageDate="10/18/2006 8:47:08 PM" MD5="4C48F1B30A82583CAEE0DA02DD7259EE" /> <ITEM File="C:\WINDOWS\system32\mscoree.dll" CheckResult="-1" Enabled="1" ExtName="Fusion Cache" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1D2680C9-0E2A-469d-B787-065558BC7D43}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="271360" Attr="rsAh" CreateDate="3/13/2007 8:54:08 PM" ChageDate="3/13/2007 8:54:08 PM" MD5="CE3FB88207EE4D3C8BD55EB869585144" /> </ExplorerExt> - <PrintEXT> <ITEM File="C:\windows\system32\hpz3l463.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="38400" Attr="rsAh" CreateDate="4/7/2007 9:28:13 PM" ChageDate="3/22/2006 8:10:18 PM" MD5="D9CBE3BD7A91FB6731F343C003C3D52D" /> <ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" /> </PrintEXT> - <TaskScheduler> <ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" /> <ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" /> <ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" /> <ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" /> <ITEM File="C:\Program Files\SpywareBot\SpywareBot.exe" CheckResult="-1" Enabled="4235908" Descr="" LegalCopyright="" /> </TaskScheduler> - <DPF> <ITEM File="C:\WINDOWS\Downloaded Program Files\fscax.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{0B79F48A-E8D6-11DB-9283-E25056D89593}" CodeBase="http://support.f-secure.com/ols/fscax.cab" Descr="fscax module" LegalCopyright="© 2005-2006 F-Secure Corporation. All rights reserved." Size="254360" Attr="rsAh" CreateDate="5/7/2007 4:39:24 PM" ChageDate="5/7/2007 4:39:24 PM" MD5="D5199825510E4C4F97DC93B7BC3B1A8A" /> </DPF> - <CPL> <ITEM File="C:\windows\system32\inetcpl.cpl" CheckResult="-1" Enabled="1" Descr="Internet Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1831424" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:55 PM" MD5="CB43139D9583655AC66C0D02B882FB81" /> <ITEM File="C:\windows\system32\wuaucpl.cpl" CheckResult="-1" Enabled="1" Descr="Automatic Updates Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="216408" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:28 PM" MD5="D7FA9A9750403CC68DC209CDE7C50D7A" /> </CPL> - <ActiveSetup> <ITEM File="C:\WINDOWS\system32\ieudinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@lt;{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}" Descr="IE Per User Active Setup Uninstall Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="13824" Attr="rsAh" CreateDate="11/7/2006 3:26:32 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="324ECD19DB11EBDBA37E1F69D887B565" /> <ITEM File="C:\WINDOWS\inf\unregmp2.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" Descr="Microsoft Windows Media Player Setup Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="317440" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/26/2007 9:10:26 PM" MD5="D0CB8DEAF008D7CDC794EF6A37EC8134" /> <ITEM File="C:\WINDOWS\system32\ie4uinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{26923b43-4d38-484f-9b9e-de460746276c}" Descr="IE Per-User Initialization Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="70656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="5082EB7CEBC228028E5326D1CB05B925" /> <ITEM File="C:\windows\system32\IEDKCS32.DLL" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{60B49E34-C7CC-11D0-8953-00A0C90347FF}" Descr="IEAK branding" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" /> <ITEM File="C:\windows\system32\IEDKCS32.DLL" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS" Descr="IEAK branding" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" /> <ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{44BBA842-CC51-11CF-AAFA-00AA00B6015B}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" /> <ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{5945c046-1e7d-11d1-bc44-00c04fd912be}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" /> <ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{6BF52A52-394A-11d3-B153-00C04F79FAA6}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" /> <ITEM File="C:\WINDOWS\system32\ie4uinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{89820200-ECBD-11cf-8B85-00AA005B4383}" Descr="IE Per-User Initialization Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="70656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="5082EB7CEBC228028E5326D1CB05B925" /> </ActiveSetup> - <HOSTS> <ITEM Line="127.0.0.1 localhost" /> </HOSTS> - <SuspFiles> <ITEM File="C:\windows\system32\drivers\mfehidk.sys" VirType="4" Descr="Kernel-mode hook" /> <ITEM File="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" VirType="2" Descr="Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)" /> <ITEM File="C:\windows\system32\iertutil.dll" VirType="5" Descr="Suspicion for a Keylogger or Trojan DLL" /> </SuspFiles> - <RK_KM> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="739" HookPtr="805C0320" HookType="3" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="752" HookPtr="805C0320" HookType="3" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" /> <ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" /> </RK_KM> - <KEYLOGGER> <ITEM File="C:\windows\system32\iertutil.dll" Verdict="" CheckResult="-1" Size="267776" Attr="rsAh" CreateDate="10/17/2006 11:57:20 AM" ChageDate="10/10/2007 6:55:55 PM" MD5="AF67AAB4ECC886EAAB6912A53FA717DB" /> </KEYLOGGER> </AVZ>
  4. I hope you had a great Christmas....and really hope you have fixed your problems. Here are the two files from AVZ4 Thanks, Joy
  5. Hello, Here are the other two...not sure I did this right Joy avz_log.txt avz_log2.txt
  6. Here is the first one working on the other one Joy "Silent Runners.vbs", revision 55, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\windows\system32\ctfmon.exe" [MS] "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS] "AOL Fast Start" = ""C:\Program Files\AOL 9.0b\AOL.EXE" -b" ["AOL, LLC."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NVMixerTray" = ""C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "spywarefighterguard" = "C:\Program Files\SPYWAREfighter\spftray.exe" ["SPAMfighter"] "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."] "hpqSRMon" = "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" ["Hewlett-Packard"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\windows\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {6548BF73-58FF-71D5-F97D-17C71E323709}\(Default) = (no title provided) -> {HKLM...CLSID} = "IntelligentAdvisor" \InProcServer32\(Default) = "C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy" -> {HKLM...CLSID} = "scriptproxy" \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" ["McAfee, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}" -> {HKLM...CLSID} = "McVSRightclickScanner Class" \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."] SPYWAREfighter\(Default) = "{44CB577A-837C-4C36-9C8D-80A1639B9333}" -> {HKLM...CLSID} = "SpywarefighterExt Class" \InProcServer32\(Default) = "C:\Program Files\SPYWAREfighter\spfext.dll" ["Spamfighter"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}" -> {HKLM...CLSID} = "McVSRightclickScanner Class" \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."] SPYWAREfighter\(Default) = "{44CB577A-837C-4C36-9C8D-80A1639B9333}" -> {HKLM...CLSID} = "SpywarefighterExt Class" \InProcServer32\(Default) = "C:\Program Files\SPYWAREfighter\spfext.dll" ["Spamfighter"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "user" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Enabled Scheduled Tasks: ------------------------ "McDefragTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."] "McQcTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."] "RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data] "RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data] "SpywareBot Scheduled Scan" -> launches: "C:\Program Files\SpywareBot\SpywareBot.exe scheduled" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"] AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"] McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."] McAfee Network Agent, McNASvc, ""c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."] McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."] McAfee Privacy Service, MPS9, "C:\PROGRA~1\McAfee\MPS\mps.exe" ["McAfee, Inc."] McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."] McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."] McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."] McAfee Redirector Service, McRedirector, "c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."] McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."] McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."] McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"] SPYWAREfighterRP, SPYWAREfighterRP, ""C:\Program Files\SPYWAREfighter\spfprc.exe"" ["SpamFighter APS"] Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ PCL hpz3l463\Driver = "hpz3l463.dll" ["Hewlett-Packard Company"] PCL hpz3l4pi\Driver = "hpz3l4pi.dll" ["Hewlett-Packard Company"] ---------- (launch time: 2007-12-24 11:35:21) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 53 seconds. ---------- (total run time: 110 seconds)
  7. Hello, Yes still have setthetrend.com and same problems at boot up Thanks, Joy
  8. not sure if this is right. it is very big Scan Results Ad-Aware 2007 Free Edition Log File Created on:2007-12-2214:19:52 Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef Computer name:GLENDA Name of user performing scan:SYSTEM Name of user ordering scan:user Scan completed successfully System Information File Version Information Ad-Aware 2007 Settings Extended Ad-Aware 2007 Settings Database Information Scan Statistics Scan Detailed Statistics Infections Found Listing of running processes System Information Number of processors:1 Processor type:AMD Athlon 64 Processor 3000+ Memory Available:60% Total Physical Memory:1073201152 Bytes Available Physical Memory:642367488 Bytes Total Page File Size:3115118592 Bytes Available On Page File:2641514496 Bytes Total Virtual Memory:2147352576 Bytes Available Virtual Memory:1977987072 Bytes OS:Microsoft Windows XP 5.1 (Build 2600) [to top] File Verion Information File Version CEAPI.dll 7, 0, 2, 3 aawservice.exe 7, 0, 2, 5 Ad-Aware2007.exe 7.0.2.5 [to top] Ad-Aware 2007 Settings Skipping files larger than:1048576 Bytes Ignoring infections with lower TAI than:3 Safe Mode:False [to top] Extended Ad-Aware 2007 Settings Unload malicious processes and modules Unload Modules Let Windows remove files at Start-Up Deactivate Ad-Watch Re-analyze Scan Result Delete Restored Items Write Protect System Files Create Log file Include basic settings Include advanced settings Include user and computer name Environment information Running processes Running processes and modules Include info about ignored objects in log file Consider definitions File Outdated after x days Proxy URL Proxy Port [to top] Database Info Version number:40 Build Number:0 Build Date and Time:2007/12/1702:47:35 [to top] Scan Statistics Method:Smart Items Scanned:136161 Infections Detected:113 Infections Removed:0 Infections Quarantined:0 Infections Ignored:0 [to top] Scan Detailed Statistics Type Critical Total Process Scan 0 0 Registry Scan 0 0 Registry PE Scan 0 0 Hosts Scan 0 0 File Scan 0 0 Folder Scan 0 0 LSP Scan 0 0 ADS Scan 0 0 Cookie Scan 111 111 File Hash Scan 0 0 [to top] Infections Found Family Id Name Category TAI 725 Tracking Cookie DataMiner 3 [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ehg-bestbuy.hitbox.com WSS_MIGRATION / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ehg-bestbuy.hitbox.com DM540724E8RDV6 / [600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat atdmt.com AA002 / [600000190] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1071654568/ [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net TID / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net ANRTT / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net TData / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Anxd / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Tcc / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tacoda.net Tsid / [600000050] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat tribalfusion.com ANON_ID / [600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat doubleclick.net id / [600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat anad.tacoda.net /PC / [600000263] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat mediaplex.com svid / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 3.adbrite.com ihc_34742 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBanners895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com lastInviteTime / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIinvited895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBannerCounter25863 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIControlCounter895 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBanners875 / [600000555] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat insightexpressai.com IXAIBannerCounter24908 / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat revsci.net NETID01 / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat revsci.net NETSEGS_J05532 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net pjw / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m2 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net adv_ic / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net pluto / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m1 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m3 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net vt / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m6 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net m8 / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net zru / [600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat fastclick.net rt / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net DMEXP / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net CTCI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net HS / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net DGI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net UI / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.specificclick.net LO / [600000175] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat bilbo.counted.com C_Bilbo60696 / [600000175] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat bilbo.counted.com C_Bilbo_pe_60696 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com dly2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com dmg2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com hst2 / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com rth / [600000052] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat trafficmp.com uid2 / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adbrite.com Apache / [600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adbrite.com b / [600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.revsci.net rsi_us_1000000 /adserver [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMID / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPS / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMPH / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMFP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX2 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMCLICK2 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX1 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMS / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMIMP / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMX3 / [600000434] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat casalemedia.com CMCLICK3 / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmc / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmk / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smc / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smk / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net dmp / [600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat specificclick.net smx / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat hitbox.com CTG / [600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat hitbox.com WSS_GW / [600000101] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat overture.com ConvData / [600000101] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat overture.com UserData / [600000457] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adopt.euroclick.com NSC_mc-bepqu.fvspdmjdl.dpn-iuuq / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRID / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRimp / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRca / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRcp / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRpl / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRcr / [600000093] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ads.pointroll.com PRpc / [600000085] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat questionmarket.com ES / [600000085] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat questionmarket.com CS1 / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_nx60cfalcfjax7Bbnfc / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_kefx7Dofiego / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_gijupe / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_oabhjamfx7Dzx7Cgx7Ex7D / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_zx7Cgnefkhe / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_x7Fybhizix60cx7Cix7E / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_usheik / [600000212] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat 2o7.net s_vi_hex7Foczix7Eomx7Eh / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com ZEDOIDX / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com ZEDOIDA / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com geo / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com FFChanCap / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com PI / [600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat zedo.com FFbh / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat network.realmedia.com NSC_f4pbto1efm_qppm_iuuqt / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com RMID / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com RMFL / [600000083] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat realmedia.com NXCLICK2 / [600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat media.adrevolver.com BIGipServerar-slave / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com uid / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com bh / [600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat ad.yieldmanager.com fl_inst / [600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat adrevolver.com adrev_adpath / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com ACID / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com C2 / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com BASE / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com ROLL / [600000187] Browser: Internet Explorer Cookie: C:\Documents and Settings\user\Cookies\index.dat advertising.com F1 / 9999 MRU Object MRU Object 0 [1] MRU Path: C:\Documents and Settings\user\Recent Count: 5 [3] MRU Registry Key: S-1-5-21-583907252-1500820517-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs Count: 3 Quarantined Objects Family Id Name Category TAI Removed Objects Family Id Name Category TAI [to top] Listing of Running Processes C:\WINDOWS\SYSTEM32\SMSS.EXE c:\windows\system32\smss.exe c:\windows\system32\ntdll.dll C:\WINDOWS\SYSTEM32\CSRSS.EXE c:\windows\system32\csrss.exe c:\windows\system32\ntdll.dll c:\windows\system32\csrsrv.dll c:\windows\system32\basesrv.dll c:\windows\system32\winsrv.dll c:\windows\system32\gdi32.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\sxs.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll C:\WINDOWS\SYSTEM32\WINLOGON.EXE c:\windows\system32\winlogon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\authz.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\nddeapi.dll c:\windows\system32\profmap.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\psapi.dll c:\windows\system32\regapi.dll c:\windows\system32\secur32.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\system32\msgina.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\shsvcs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ole32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\winscard.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\sxs.dll c:\windows\system32\uxtheme.dll c:\windows\system32\winmm.dll c:\windows\system32\ati2evxx.dll c:\windows\system32\rsaenh.dll c:\windows\system32\cscdll.dll c:\windows\system32\wlnotify.dll c:\windows\system32\winspool.drv c:\windows\system32\mpr.dll c:\windows\system32\wgalogon.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\cscui.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll C:\WINDOWS\SYSTEM32\SERVICES.EXE c:\windows\system32\services.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\userenv.dll c:\windows\system32\scesrv.dll c:\windows\system32\authz.dll c:\windows\system32\umpnpmgr.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\msvcp60.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acadproc.dll c:\windows\system32\imm32.dll c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\eventlog.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll C:\WINDOWS\SYSTEM32\LSASS.EXE c:\windows\system32\lsass.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\lsasrv.dll c:\windows\system32\mpr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\msvcrt.dll c:\windows\system32\netapi32.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\secur32.dll c:\windows\system32\samlib.dll c:\windows\system32\samsrv.dll c:\windows\system32\cryptdll.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msprivs.dll c:\windows\system32\kerberos.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netlogon.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\schannel.dll c:\windows\system32\crypt32.dll c:\windows\system32\wdigest.dll c:\windows\system32\rsaenh.dll c:\windows\system32\scecli.dll c:\windows\system32\setupapi.dll c:\windows\system32\ipsecsvc.dll c:\windows\system32\authz.dll c:\windows\system32\oakley.dll c:\windows\system32\winipsec.dll c:\windows\system32\pstorsvc.dll c:\windows\system32\psbase.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dssenh.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\termsrv.dll c:\windows\system32\icaapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\authz.dll c:\windows\system32\mstlsapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\regapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\shsvcs.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\secur32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\rtutils.dll c:\windows\system32\wmi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\esent.dll c:\windows\system32\atl.dll c:\windows\system32\rastls.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\schannel.dll c:\windows\system32\winscard.dll c:\windows\system32\raschap.dll c:\windows\system32\msv1_0.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msvcp60.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\schedsvc.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\msidle.dll c:\windows\system32\audiosrv.dll c:\windows\system32\wkssvc.dll c:\windows\system32\qmgr.dll c:\windows\system32\mpr.dll c:\windows\system32\shfolder.dll c:\windows\system32\winhttp.dll c:\windows\system32\cryptsvc.dll c:\windows\system32\certcli.dll c:\windows\system32\ersvc.dll c:\windows\system32\es.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\pchealth\helpctr\binaries\pchsvc.dll c:\windows\system32\hidserv.dll c:\windows\system32\hid.dll c:\windows\system32\srvsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\seclogon.dll c:\windows\system32\sens.dll c:\windows\system32\srsvc.dll c:\windows\system32\powrprof.dll c:\windows\system32\trkwks.dll c:\windows\system32\w32time.dll c:\windows\system32\wbem\wmisvc.dll c:\windows\system32\vssapi.dll c:\windows\system32\wuauserv.dll c:\windows\system32\browser.dll c:\windows\system32\wuaueng.dll c:\windows\system32\winspool.drv c:\windows\system32\cabinet.dll c:\windows\system32\mspatcha.dll c:\windows\system32\ipnathlp.dll c:\windows\system32\authz.dll c:\windows\system32\wscsvc.dll c:\windows\system32\msi.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemcore.dll c:\windows\system32\wbem\esscli.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\wbem\wmiutils.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\sxs.dll c:\windows\system32\winrnr.dll c:\windows\system32\wbem\repdrvfs.dll c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\wbem\wbemess.dll c:\windows\system32\comsvcs.dll c:\windows\system32\colbact.dll c:\windows\system32\mtxclu.dll c:\windows\system32\wsock32.dll c:\windows\system32\clusapi.dll c:\windows\system32\resutils.dll c:\windows\system32\wbem\ncprov.dll c:\windows\system32\netcfgx.dll c:\windows\system32\rasmans.dll c:\windows\system32\winipsec.dll c:\windows\system32\tapisrv.dll c:\windows\system32\psapi.dll c:\windows\system32\rastapi.dll c:\windows\system32\unimdm.tsp c:\windows\system32\uniplat.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\apphelp.dll c:\windows\system32\kmddsp.tsp c:\windows\system32\ndptsp.tsp c:\windows\system32\ipconf.tsp c:\windows\system32\h323.tsp c:\windows\system32\hidphone.tsp c:\windows\system32\rasppp.dll c:\windows\system32\ntlsapi.dll c:\windows\system32\kerberos.dll c:\windows\system32\cryptdll.dll c:\windows\system32\rasdlg.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\mlang.dll c:\windows\system32\xmlprovi.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\dnsrslvr.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\lmhsvc.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\webclnt.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\secur32.dll c:\windows\system32\ssdpsrv.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\upnphost.dll c:\windows\system32\winhttp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\netapi32.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\program files\lavasoft\ad-aware 2007\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\lavasoft\ad-aware 2007\ceapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll c:\windows\system32\shell32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wldap32.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\lavasoft\ad-aware 2007\update.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\secur32.dll C:\WINDOWS\SYSTEM32\SPOOLSV.EXE c:\windows\system32\spoolsv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\spoolss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\localspl.dll c:\windows\system32\secur32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\winspool.drv c:\windows\system32\netapi32.dll c:\windows\system32\cnbjmon.dll c:\windows\system32\hpz3l463.dll c:\windows\system32\hpz3l4pi.dll c:\windows\system32\pjlmon.dll c:\windows\system32\tcpmon.dll c:\windows\system32\usbmon.dll c:\windows\system32\spool\prtprocs\w32x86\hpzpp463.dll c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll c:\windows\system32\mswsock.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\win32spl.dll c:\windows\system32\netrap.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\inetpp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE c:\program files\common files\aol\acs\aolacsd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\common files\aol\acs\aolacsd.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\tapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\rtutils.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\common files\aol\acs\xpat.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\program files\common files\aol\acs\acsmdiag.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\program files\common files\aol\acs\acscmn.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\mswsock.dll c:\program files\common files\aol\acs\acsswu.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\sensapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\w3ssl.dll c:\windows\system32\strmfilt.dll c:\windows\system32\secur32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\httpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll C:\PROGRAM FILES\COMMON FILES\MCAFEE\HACKERWATCH\HWAPI.EXE c:\program files\common files\mcafee\hackerwatch\hwapi.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\windows\system32\winhttp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll C:\PROGRA~1\MCAFEE\MSC\MCMSCSVC.EXE c:\progra~1\mcafee\msc\mcmscsvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\psapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\common~1\mcafee\msc\sqlite3.dll c:\windows\system32\setupapi.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\mcafee\msc\mcdbmgr.dll C:\PROGRA~1\COMMON~1\MCAFEE\MNA\MCNASVC.EXE c:\progra~1\common~1\mcafee\mna\mcnasvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\msc\mcutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\setupapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\mcafee\msc\mcnmcsrv.dll c:\windows\system32\mpr.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\common~1\mcafee\mna\mcnasv~1.dll c:\progra~1\mcafee\msc\mcnmcsps.dll c:\windows\system32\msxml4.dll c:\progra~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll c:\progra~1\mcafee\msc\mcmismgr.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\msi.dll c:\windows\system32\ntmarta.dll c:\progra~1\common~1\mcafee\mna\mcuj.dll c:\progra~1\mcafee\msc\mcnmcres.dll c:\progra~1\mcafee\msc\mcnmclor.dll c:\progra~1\mcafee\msc\mcnmccor.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\msvcp60.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\progra~1\mcafee\msc\mcmispps.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCODS.EXE c:\progra~1\mcafee\viruss~1\mcods.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\sxs.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll C:\PROGRA~1\MCAFEE\MSC\MCPROMGR.EXE c:\progra~1\mcafee\msc\mcpromgr.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\netapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\urlmon.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\iertutil.dll c:\windows\system32\shell32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\progra~1\common~1\mcafee\msc\mcutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\msc\mcshllps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\windows\system32\msi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msxml4.dll c:\progra~1\mcafee\msc\mcprotpv.dll c:\progra~1\mcafee\msc\mcnmcres.dll c:\progra~1\mcafee\msc\mcnmclor.dll c:\progra~1\mcafee\msc\mcnmccor.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\msc\mcprohlp.dll C:\PROGRA~1\COMMON~1\MCAFEE\MCPROXY\MCPROXY.EXE c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\psapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\progra~1\mcafee\mps\mpsppm.dll c:\windows\system32\oleaut32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\common~1\mcafee\redirsvc\redirps.dll C:\PROGRA~1\COMMON~1\MCAFEE\REDIRSVC\REDIRSVC.EXE c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\common~1\mcafee\redirsvc\redirps.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE c:\progra~1\mcafee\viruss~1\mcsysmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\rsaenh.dll c:\windows\system32\uxtheme.dll c:\windows\system32\secur32.dll c:\progra~1\mcafee\viruss~1\mvslog.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee\viruss~1\mfesmfa.dll c:\progra~1\mcafee\viruss~1\mfehida.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\mcafee\viruss~1\mvscfg.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\shell32.dll c:\windows\system32\setupapi.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\viruss~1\mcvsps.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\mstask.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\comdlg32.dll c:\windows\system32\mpr.dll C:\PROGRAM FILES\MCAFEE\MPF\MPFSRV.EXE c:\program files\mcafee\mpf\mpfsrv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\secur32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\psapi.dll c:\windows\system32\userenv.dll c:\windows\system32\netapi32.dll c:\progra~1\common~1\mcafee\hacker~1\hwapips.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\mpf\mc\mpfmisp.dll c:\windows\system32\comdlg32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\msimg32.dll c:\windows\system32\urlmon.dll c:\windows\system32\winmm.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\netshell.dll c:\windows\system32\rtutils.dll c:\windows\system32\credui.dll c:\windows\system32\atl.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\mpf\mc\mpfaltps.dll c:\windows\system32\msi.dll c:\windows\system32\msxml4.dll C:\PROGRA~1\MCAFEE\MPS\MPS.EXE c:\progra~1\mcafee\mps\mps.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\psapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\secur32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\dunzip32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\mlang.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\windows\system32\userenv.dll c:\progra~1\mcafee\mps\mpsps.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\windows\system32\sxs.dll c:\windows\system32\msi.dll C:\WINDOWS\SYSTEM32\NVSVC32.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\userenv.dll c:\windows\system32\msvcrt.dll c:\windows\system32\powrprof.dll c:\windows\system32\imm32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll C:\WINDOWS\SYSTEM32\HPZIPM12.EXE c:\windows\system32\hpzipm12.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\ole32.dll c:\windows\system32\samlib.dll c:\windows\system32\uxtheme.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wiaservc.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\mscms.dll c:\windows\system32\winspool.drv c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\actxprxy.dll c:\windows\system32\sti.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE c:\program files\windows media player\wmpnetwk.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\winhttp.dll c:\windows\system32\shlwapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\shell32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\httpapi.dll c:\windows\system32\wmpmde.dll c:\windows\system32\mfplat.dll c:\windows\system32\userenv.dll c:\windows\system32\faultrep.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\secur32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wmp.dll c:\windows\system32\msvfw32.dll c:\windows\system32\winmm.dll c:\windows\system32\dbghelp.dll c:\windows\system32\wmploc.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\actxprxy.dll c:\windows\system32\wmpps.dll C:\WINDOWS\EXPLORER.EXE c:\windows\explorer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\browseui.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wldap32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\themeui.dll c:\windows\system32\secur32.dll c:\windows\system32\msimg32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\actxprxy.dll c:\windows\system32\urlmon.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\msi.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\linkinfo.dll c:\windows\system32\netshell.dll c:\windows\system32\rtutils.dll c:\windows\system32\credui.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\msctf.dll c:\windows\system32\winsta.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\batmeter.dll c:\windows\system32\powrprof.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\winhttp.dll c:\windows\system32\mlang.dll c:\windows\system32\mydocs.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\mpr.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\samlib.dll c:\windows\system32\davclnt.dll c:\windows\system32\sxs.dll c:\windows\system32\msisip.dll c:\windows\system32\wshext.dll c:\windows\system32\mfc42.dll c:\windows\system32\comdlg32.dll C:\PROGRAM FILES\MCAFEE\MPS\MPSEVH.EXE c:\program files\mcafee\mps\mpsevh.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\psapi.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\userenv.dll c:\windows\system32\version.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\progra~1\mcafee\msc\mcaltlib.dll c:\windows\system32\riched20.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\windows\system32\winmm.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee\mps\mpsps.dll c:\progra~1\mcafee\mps\mpsmisp.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\msctf.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\WINDOWS\SYSTEM32\ALG.EXE c:\windows\system32\alg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.0\APPS\APDPROXY.EXE c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\apdboot.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\psapi.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcp71.dll c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcr71.dll c:\windows\system32\comctl32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\winspool.drv c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\dsound.dll c:\windows\system32\winmm.dll c:\windows\system32\version.dll c:\windows\system32\msctf.dll c:\windows\system32\sti.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msctfime.ime c:\windows\system32\xpsp2res.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll C:\PROGRAM FILES\SPYWAREFIGHTER\SPFTRAY.EXE c:\program files\spywarefighter\spftray.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\windows\system32\xpsp2res.dll c:\program files\spywarefighter\spywarefighterbo.dll c:\windows\system32\msvbvm60.dll c:\windows\system32\msctfime.ime c:\program files\spywarefighter\spfrm.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE c:\program files\hp\hp software update\hpwuschd2.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSRMON.EXE c:\program files\hp\digital imaging\bin\hpqsrmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\netapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctfime.ime c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\sti.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\msctf.dll C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE c:\program files\java\jre1.6.0_03\bin\jusched.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wininet.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\ole32.dll c:\windows\system32\shell32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\apphelp.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\windows\system32\urlmon.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSTEM32\CTFMON.EXE c:\windows\system32\ctfmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msctf.dll c:\windows\system32\msutb.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctfime.ime C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE c:\program files\windows media player\wmpnscfg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\shlwapi.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\imm32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\msctf.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msctfime.ime c:\program files\windows media player\wmpnssci.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\PROGRAM FILES\SPYWAREFIGHTER\SPFPRC.EXE c:\program files\spywarefighter\spfprc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\program files\spywarefighter\engine.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\winmm.dll c:\windows\system32\shell32.dll c:\windows\system32\psapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\msi.dll c:\windows\system32\sxs.dll c:\program files\spywarefighter\spfrm.dll c:\windows\system32\iphlpapi.dll c:\program files\spywarefighter\spywarefighterbo.dll c:\windows\system32\msvbvm60.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime C:\PROGRA~1\MCAFEE.COM\AGENT\MCAGENT.EXE c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\version.dll c:\windows\system32\wintrust.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\mcafee\msc\mcres.dll c:\progra~1\mcafee\msc\mclocres.dll c:\program files\mcafee\msc\oem\578\mccobres.dll c:\progra~1\mcafee\msc\mccobres.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\progra~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll c:\windows\system32\psapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\msxml4.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\windows\system32\msxml3.dll c:\progra~1\mcafee.com\agent\mcagntps.dll c:\progra~1\mcafee\msc\mccfgpv.dll c:\progra~1\mcafee\msc\mcuicfg.dll C:\PROGRAM FILES\COMMON FILES\AOL\1175982866\EE\AOLSOFTWARE.EXE c:\program files\common files\aol\1175982866\ee\aolsoftware.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\program files\common files\aol\1175982866\ee\aolsvcmgr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\common files\aol\1175982866\ee\xprt6.dll c:\windows\system32\imm32.dll c:\windows\system32\msctf.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msctfime.ime c:\windows\system32\msi.dll c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\os.dll c:\program files\common files\aol\1175982866\ee\xprt5.dll c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\aolidlemon.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\notify.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\secur32.dll c:\windows\system32\msv1_0.dll c:\program files\common files\aol\1175982866\ee\services\localstorage\ver7_1_6_1\clssvc.dll c:\windows\system32\comctl32.dll c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll c:\windows\system32\shell32.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\msvcp60.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\hnetcfg.dll c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\aolsystrayservice.dll c:\program files\common files\aol\1175982866\ee\services\suiteframework\ver4_1_6_1\suiteframework.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll C:\PROGRAM FILES\AOL 9.0B\WAOL.EXE c:\program files\aol 9.0b\waol.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcr71.dll c:\program files\aol 9.0b\waol.dll c:\program files\aol 9.0b\supersub.dll c:\windows\system32\msvcp71.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\aol 9.0b\xprt5.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\aol 9.0b\coolcore46.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\aol 9.0b\zlib.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\imm32.dll c:\windows\system32\winmm.dll c:\windows\system32\msimg32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\aol 9.0b\xmlparse.dll c:\program files\aol 9.0b\xmltok.dll c:\program files\aol 9.0b\comm.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\program files\aol 9.0b\manager.dll c:\windows\system32\urlmon.dll c:\windows\system32\winspool.drv c:\program files\aol 9.0b\synccore.dll c:\program files\aol 9.0b\proxymgr.dll c:\program files\aol 9.0b\appdata.dll c:\windows\system32\version.dll c:\program files\aol 9.0b\acfbase.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctf.dll c:\program files\common files\aol\1175982866\ee\aolsvcmgr.dll c:\program files\common files\aol\1175982866\ee\xprt6.dll c:\windows\system32\msctfime.ime c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\program files\aol 9.0b\resource.dll c:\program files\common files\aol\aoldiag\tbdiag.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\msxml3.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\uxtheme.dll c:\program files\common files\aol\acs\acscmn.dll c:\windows\system32\sxs.dll c:\program files\aol 9.0b\tool\imfdecode.rct c:\program files\aol 9.0b\tool\coretool.rct c:\program files\aol 9.0b\dunzip32.dll c:\program files\aol 9.0b\tool\mip.tol c:\program files\aol 9.0b\abook.dll c:\program files\aol 9.0b\tool\rich.rct c:\program files\aol 9.0b\tool\actvx.rct c:\program files\aol 9.0b\tool\sec.cct c:\program files\aol 9.0b\tool\chat.tol c:\windows\system32\setupapi.dll c:\program files\aol 9.0b\tool\htmlview.tol c:\program files\aol 9.0b\tool\www.tol c:\program files\aol 9.0b\tool\lvi.tol c:\program files\aol 9.0b\coolapi.dll c:\program files\aol 9.0b\idleproc.dll c:\program files\aol 9.0b\tool\talk.tol c:\windows\system32\vbscript.dll c:\program files\viewpoint\viewpoint experience technology\axmetastream_0305000d.dll c:\program files\viewpoint\viewpoint experience technology\componentmgr_0305000d.dll c:\program files\viewpoint\viewpoint experience technology\components\scenecomponent.dll c:\windows\system32\msvfw32.dll c:\windows\system32\dciman32.dll c:\program files\viewpoint\viewpoint experience technology\components\aolusershell.dll c:\windows\system32\msi.dll c:\program files\viewpoint\viewpoint experience technology\components\sreedmmx.dll c:\windows\system32\secur32.dll c:\program files\viewpoint\viewpoint experience technology\components\swfview.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\jgpl400.dll c:\windows\system32\jgdw400.dll c:\windows\system32\msvcrt20.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\psapi.dll c:\windows\system32\ieframe.dll c:\windows\system32\msv1_0.dll c:\windows\system32\userenv.dll c:\windows\system32\sensapi.dll c:\windows\system32\msimtf.dll c:\windows\system32\mlang.dll c:\windows\system32\mshtmled.dll c:\progra~1\mcafee\viruss~1\scriptcl.dll c:\windows\system32\jscript.dll c:\windows\system32\dxtrans.dll c:\windows\system32\atl.dll c:\windows\system32\ddrawex.dll c:\windows\system32\ddraw.dll c:\windows\system32\dxtmsft.dll C:\PROGRAM FILES\AOL 9.0B\SHELLMON.EXE c:\program files\aol 9.0b\shellmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\msimg32.dll c:\windows\system32\version.dll c:\windows\system32\msvcr71.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE c:\progra~1\mcafee\viruss~1\mcshield.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\lz32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\progra~1\mcafee\viruss~1\lockdown.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\progra~1\mcafee\viruss~1\mytilus.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\progra~1\mcafee\viruss~1\mytilus2.dll c:\windows\system32\shfolder.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\progra~1\mcafee\viruss~1\res00\mcshield.dll c:\progra~1\mcafee\viruss~1\ftl.dll c:\windows\system32\psapi.dll c:\progra~1\mcafee\viruss~1\naiann.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\common~1\mcafee\core\mccoreps.dll c:\progra~1\mcafee\viruss~1\mcvsps.dll c:\progra~1\mcafee\viruss~1\naiannps.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\progra~1\mcafee\viruss~1\mvscfg.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\sxs.dll c:\progra~1\mcafee\viruss~1\mcvsqt.dll c:\progra~1\mcafee\viruss~1\mcqtlib.dll c:\windows\system32\shell32.dll c:\progra~1\common~1\mcafee\core\mcevtbrk.dll c:\progra~1\mcafee\viruss~1\mvslog.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\sfc_os.dll c:\progra~1\mcafee\viruss~1\scriptsv.dll c:\program files\mcafee\virusscan\mcscan32.dll c:\progra~1\mcafee\viruss~1\mfebopa.dll c:\progra~1\mcafee\viruss~1\mfehida.dll c:\progra~1\mcafee\viruss~1\mfeavfa.dll c:\progra~1\mcafee\msc\mcmispps.dll c:\progra~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\comctl32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\mpr.dll c:\windows\system32\winmm.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\windows\system32\msctf.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\userenv.dll c:\windows\system32\olepro32.dll c:\windows\system32\secur32.dll [to top] SDFix: Version 1.119 Run by user on Sat 12/22/2007 at 10:37 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:30:22 PM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\McAfee\MPS\mpsevh.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7516 bytes
  9. I fully understand...I'm just thankfull for the time and help that you have give me....I know you will get to the bottom of this....And good luck and godspeed with yours! ComboFix 07-12-19.2 - user 2007-12-22 0:09:08.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.697 [GMT -5:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\user\Desktop\cfscript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\uninstall.exe C:\WINDOWS\SxsCaPendDel . ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-20 23:41 . 2007-12-20 23:49 318 --a------ C:\delete.bat 2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner 2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application 2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter 2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro 2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-12-18 14:04 . 2007-12-22 00:07 50,014 --a------ C:\VETlog.dmp 2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop 2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure 2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload 2007-12-17 14:29 . 2007-12-21 15:21 <DIR> d-------- C:\Program Files\IntelligentAdvisor 2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy 2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue 2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover 2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley 2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates 2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale 2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city 2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC 2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu 2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT 2007-12-07 10:14 . 2007-12-21 08:14 17,604 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr 2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee 2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT 2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox 2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe 2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab 2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner 2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade 2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-07 06:31 --------- d-----w C:\Program Files\Java 2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express 2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe 2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys 2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3 2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll 2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll 2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] 2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] C:\Program Files\AOL 9.0b\AOL.EXE -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00] . Contents of the 'Scheduled Tasks' folder "2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2007-12-21 22:00:04 C:\windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-21 08:00:01 C:\windows\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 00:11:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-22 0:12:33 C:\ComboFix2.txt ... 2007-12-20 21:58 C:\ComboFix3.txt ... 2007-12-18 19:39 . 2007-12-16 08:03:35 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18:55 AM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\windows\explorer.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7472 bytes Thanks Joy
  10. Hello, REGLOOKS logfile version 0.977 Fri 12/21/2007 12:37:27.92 running from: "C:\Documents and Settings\user\Desktop" --- SSODL regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad only standard or legit regkeys found --- STS regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler only standard or legit regkeys found --- USERINIT regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"="C:\\windows\\system32\\userinit.exe," --- SHELL regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="Explorer.exe" --- SYSTEM regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"="" --- APPINIT_DLLS regkey --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"="" --- NOTIFY regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify "AtiExtEvent" "DLLName"="Ati2evxx.dll" --- BOOTEXECUTE regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootExecute= autocheck autochk *lsdelete\ --- SHELLEXECUTEHOOKS regkey --- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" --- HKLM\Run regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe" "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe" [Run\OptionalComponents] [Run\OptionalComponents\IMAIL] "Installed"="1" [Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [Run\OptionalComponents\MSFS] "Installed"="1" --- HKLM\RunOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKLM RunOnce keys found --- HKLM\RunOnceEx regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKLM RunOnceEx keys found --- HKLM\RunServices regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKLM RunServices keys found --- HKLM\RunServicesOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce regkey does not exist --- HKCU\Run regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "AOL Fast Start"="\"C:\\Program Files\\AOL 9.0b\\AOL.EXE\" -b" --- HKCU\RunOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKCU RunOnce keys found --- HKCU\RunOnceEx regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx regkey does not exist --- HKCU\RunServices regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKCU RunServices keys found --- HKCU\RunServicesOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce no HKCU RunServicesOnce keys found --- HKU\.DEFAULT\Run regkeys - Default user --- HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\.DEFAULT\Run keys found --- HKU\S-1-5-18\Run regkeys - user SYSTEM --- HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\S-1-5-18\Run keys found --- HKU\S-1-5-19\Run regkeys - User Lokale service --- HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKU\S-1-5-20\Run regkeys - User Netwerkservice --- HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKLM\Explorer\Run regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKLM Explorer\Run keys found --- HKCU\Explorer\Run regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKCU Explorer\Run keys found --- Image File Execution regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options no debuggers found --- BROWSER HELPER OBJECTS regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR) "{6548BF73-58FF-71D5-F97D-17C71E323709}" FILE ="C:\\Program Files\\IntelligentAdvisor\\IntelligentAdvisor-2.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll" "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\scriptcl.dll" --- TOOLBAR regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar no toolbars found --- URLSEARCHHOOKS regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks only standard regkeys found --- CONTEXTMENUHANDLERS regkeys --- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers "MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers "MCVSRIGHTCLICKSCANNER" CLSID ={162EFDC5-2957-465D-887B-590AF4A7E84D} FILE ="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" "SPYWAREfighter" CLSID ={44CB577A-837C-4C36-9C8D-80A1639B9333} FILE ="C:\\Program Files\\SPYWAREfighter\\spfext.dll" "WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="C:\\Program Files\\WinZip\\wzshlstb.dll" --- ALTERNATESHELL regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot "AlternateShell"="cmd.exe" --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal no unknown services found --- SAFEBOOT NETWORK SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network no unknown services found --- SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Airgo "DisplayName"="Wireless-G PCI Adapter with SRX Driver" system32\DRIVERS\WniHdd51.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AOL ACS "DisplayName"="AOL Connectivity Service" "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FXDRV "DisplayName"="FXDRV" \??\D:\Fxdrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsb "DisplayName"="Ideazon USB Zboard Driver" system32\DRIVERS\OmniUsb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OmniUsbl "DisplayName"="Ideazon USBl Zboard Driver" system32\DRIVERS\OmniUsbl.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyFighter "DisplayName"="SpyFighter Guard Device" \??\C:\Program Files\SPYWAREfighter\spyfighter.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPYWAREfighterRP "DisplayName"="SPYWAREfighterRP" "C:\Program Files\SPYWAREfighter\spfprc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw "DisplayName"="WAN Miniport (ATW)" system32\DRIVERS\wanatw4.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0E2F4962-9A16-4D87-A0D6-9E5711282C7F} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{8919D171-E6D3-4DDF-B1C4-5437691BDBFE} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9E5EF34E-18C0-49E3-90AA-157EAA78B653} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{AA221FEF-2A2D-4239-9BD8-D2A7B0790BDD} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C1EE0F08-E358-450A-A4A2-88C2CB2F14E6} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{DE83678D-D419-436F-A8AF-2838FFA083C0} no imagepath value found --- SECURITYPROVIDERS regkey --- HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" --- SVCHOST regkey --- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost HTTPFilter: HTTPFilter\ LocalService: AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService: DnsCache\ netsvcs: 6to4AppMgmtAudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtwscsvcxmlprovBITSwuauservShellHWDetectionhelpsvcWmdmPmSN\ DcomLaunch: DcomLaunchTermService\ rpcss: RpcSs\ imgsvc: StiSvc\ termsvcs: TermService\ WudfServiceGroup: WUDFSvc\ --- WOW-CMDLINE regkeys --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW "cmdline" = %SystemRoot%\system32\ntvdm.exe "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- DNS SERVER regkeys --- no "NameServer" values found --- STARTUP FOLDERS --- C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini --- TASK SCHEDULER JOBS --- C:\windows\tasks\McDefragTask.job C:\windows\tasks\McQcTask.job C:\windows\tasks\RegCure Program Check.job C:\windows\tasks\RegCure.job C:\windows\tasks\SpywareBot Scheduled Scan.job --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" /S) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) FINISHED HIJACKTHIS UNINSTALL MANAGER 7 Wonders II (remove only) Ad-Aware 2007 Adobe Common File Installer Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe® Photoshop® Album Starter Edition 3.0 AOL Uninstaller (Choose which Products to Remove) ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Big Fish Games Client CCleaner (remove only) Concentration Evaluation HijackThis 2.0.2 Holly: A Christmas Tale (remove only) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 7.0 HP Driver Diagnostics HP Imaging Device Functions 7.0 HP Photosmart and Deskjet 7.0 Software HP Photosmart Essential HP Photosmart Essential 2.5 HP Photosmart Premier Software 6.5 HP Product Detection HP Solution Center 7.0 HP Update IntelligentAdvisor Java 6 Update 2 LimeWire 4.12.11 Linksys Wireless-G PCI Adapter with SRX Lucky Clover (remove only) Luxor 3 (remove only) Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash Player 8 McAfee SecurityCenter Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Mysteryville 2 NVIDIA Drivers NvMixer Photo Viewer 2.3 PlayMP3z QuickTime Rain Talisman (remove only) RealArcade RealPlayer Basic RegCure 1.5.0.0 Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB944653) SpyDestroy Pro 1.0.8 SPYWAREfighter Super Granny 4 Evaluation The Magicians Handbook: Cursed Valley (remove only) The Rise of Atlantis The Stone of Destiny (remove only) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Viewpoint Media Player Wheel of Fortune 2 Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 WinZip 11.1 Zenerchi (remove only) Ok now here is a problem After startup & recovery when I hit settings it comes up with this error message c:boot.inf file can not be oppened. operating system & timeout settings can not be changed Then it goes to the next screen with the edit button when I click on the edit button it comes up with this error message can't find the c:/boot.inf file Do you want to creat a new one? I just hit cancel. I did not want to mess it up any more then it is. Thanks, Joy
  11. Hi Yes to both questions invalid boot.inf file booting from c:/ windows this pop-up was perfectlovercalculator.com Joy
  12. First one came up no infected flies have been found and here is new hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:51:45 PM, on 12/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SPYWAREfighter\spfprc.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe C:\windows\explorer.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7459 bytes
  13. also at boot after post invalid boot.inf booting from C:/windows. then the box with the stuff in it ComboFix 07-12-19.2 - user 2007-12-20 21:54:33.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.692 [GMT -5:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))) . 2007-12-20 21:16 . 2007-12-20 21:16 <DIR> d-------- C:\Program Files\CCleaner 2007-12-20 14:06 . 2007-12-20 14:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-12-18 16:26 . 2007-12-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Application 2007-12-18 16:25 . 2007-12-18 16:29 <DIR> d-------- C:\Program Files\SPYWAREfighter 2007-12-18 16:23 . 2007-12-18 16:23 <DIR> d-------- C:\Program Files\SpyDestroy Pro 2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-12-18 14:04 . 2007-12-20 21:54 50,014 --a------ C:\VETlog.dmp 2007-12-18 14:03 . 2007-12-18 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-12-18 13:51 . 2007-12-18 13:51 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-18 12:53 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-18 12:23 . 2007-12-18 13:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-12-18 10:33 . 2007-12-18 10:50 <DIR> d-------- C:\Program Files\PCPitstop 2007-12-18 10:33 . 2007-12-18 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2007-12-17 17:08 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-12-17 17:08 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-12-17 17:08 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-12-17 15:43 . 2007-12-17 16:07 <DIR> d-------- C:\Program Files\RegCure 2007-12-17 15:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-17 15:09 . 2007-12-17 15:11 <DIR> d-------- C:\Program Files\BitDownload 2007-12-17 14:29 . 2007-12-18 19:14 <DIR> d-------- C:\Program Files\PlayMP3z 2007-12-17 14:29 . 2007-12-20 21:49 <DIR> d-------- C:\Program Files\IntelligentAdvisor 2007-12-17 13:49 . 2007-12-17 14:23 <DIR> d-------- C:\Program Files\Registry Easy 2007-12-17 13:24 . 2007-12-17 13:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue 2007-12-12 23:39 . 2007-12-12 23:39 <DIR> d-------- C:\Program Files\Lucky Clover 2007-12-12 22:32 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\The Magicians Handbook - Cursed Valley 2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\Legends of pirates 2007-12-10 23:52 . 2007-12-10 23:53 <DIR> d-------- C:\Program Files\Holly - A Christmas Tale 2007-12-09 01:48 . 2007-12-18 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\does dog two city 2007-12-09 01:44 . 2007-12-09 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC 2007-12-09 01:43 . 2007-12-17 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-09 00:16 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu 2007-12-08 00:08 . 2007-12-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-07 19:45 . 2007-12-07 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpEF563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmpC5663.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp34563.FOT 2007-12-07 19:38 . 2007-12-07 19:38 1,409 --a------ C:\WINDOWS\system32\tmp0B563.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmpAE8B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp689B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp5D9B4.FOT 2007-12-07 19:09 . 2007-12-07 19:09 1,409 --a------ C:\WINDOWS\system32\tmp23AB4.FOT 2007-12-07 10:14 . 2007-12-20 21:49 17,604 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-07 02:15 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2007-12-07 02:14 . 2007-12-18 09:42 <DIR> d-------- C:\mcafee_mcpr 2007-12-07 02:14 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-07 02:14 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-07 02:14 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-07 02:14 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-07 02:14 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-07 02:13 . 2007-12-07 02:13 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-07 02:13 . 2007-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-07 02:12 . 2007-12-18 10:29 <DIR> d-------- C:\Program Files\McAfee 2007-12-07 01:23 . 2007-12-07 01:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\SpywareBot 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-07 00:59 . 2007-12-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 00:41 . 2007-12-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-07 00:07 . 2007-12-07 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmpB7839.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp80939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp56939.FOT 2007-12-07 00:07 . 2007-12-07 00:07 1,409 --a------ C:\WINDOWS\system32\tmp3C939.FOT 2007-12-06 23:28 . 2007-12-06 23:28 <DIR> d-------- C:\Program Files\Smilebox 2007-12-06 23:03 . 2007-12-06 23:03 103,824 --a------ C:\Program Files\InstallDownloader.exe 2007-12-06 22:38 . 2007-12-06 23:52 <DIR> d-------- C:\Documents and Settings\user\Application Data\Smilebox . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 16:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-18 17:29 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2007-12-18 16:56 --------- d-----w C:\Program Files\Common Files\SystemRequirementsLab 2007-12-18 15:50 --------- d-----w C:\Program Files\Common Files\Scanner 2007-12-09 07:21 --------- d-----w C:\Program Files\RealArcade 2007-12-07 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-07 07:08 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-07 06:31 --------- d-----w C:\Program Files\Java 2007-12-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-12-03 01:42 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express 2007-11-29 21:50 38,567 ----a-w C:\windows\system32\pcpbios.exe 2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys 2007-11-12 02:05 --------- d-----w C:\Program Files\Luxor 3 2007-10-29 22:43 1,287,680 ----a-w C:\windows\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\windows\system32\wmasf.dll 2007-10-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2006-02-19 07:28 12,288 ----a-w C:\windows\Fonts\RandFont.dll 2005-07-07 23:14 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}] 2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 07:00] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [2007-04-18 01:49] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 19:53] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 23:05] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] C:\Program Files\AOL 9.0b\AOL.EXE -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\windows\system32\DRIVERS\WniHdd51.sys [2005-04-18 16:47] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 07:00] . Contents of the 'Scheduled Tasks' folder "2007-12-15 06:22:10 C:\windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2007-12-07 07:14:01 C:\windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2007-12-21 02:48:32 C:\windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 16:28:32 C:\windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-20 08:00:17 C:\windows\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 21:57:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 21:58:13 C:\ComboFix2.txt ... 2007-12-18 19:39 . 2007-12-16 08:03:35 --- E O F ---
  14. That file cheched out ok....I still have the setthetrend pop-up....All my keys and programs appear to be working again....but on boot up after post but before windows log-in a box comes up with this "ê…˜Ãâ…°ÃĹĈ爸Þ"in it. it will not let me x out of it i have to click ok and then it loads the window log in screen. Thanks
  15. I have the ctrl - alt - del back and also microsoft office is working again....lol....I did not even tell you about that one. The pop-ups seem to be gone....I went to the online malware scan....The first time I tried it said the site was busy try again in 20 sec.....I tried again and it has been sitting like this for about 10 mins. Is this normal? or should I try again later? Thank you so very much for all your help and time... Joy