Hi, and thank you so much for the help and time.
Have Emsisoft running as stated, and the computer didn't freeze for 5-6 days, but alas, is now freezing again. It's been freezing on me for many months, even on the old drive. One reason I bought the new drive was to get a fresh install of Windows going, and now I am back where I was with the freezing problem. However, I have not heard the system baloon.wav since Emsisoft was installed? The only thing I have done while waiting for a response was to run ESET online scanner, and it came up with no infections, so didn't change anything.
I had already disabled sptd by turning off in the registry with the 04 parameter because I am using Imgburn, and it warned of the driver. I will post the Defog log as well since it's short.
Here are the logs requested:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:19:07 PM, on 12/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\DADDY\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Club Bing Toolbar - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll
O3 - Toolbar: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [a-squared] "D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMS FOLDER\UTILITIES\VIDEO\VIDEO PLAYERS\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
--
End of file - 6696 bytes
===============================
===============================
OTL logfile created on: 12/4/2010 2:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DADDY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 6.74 Gb Free Space | 19.72% Space Free | Partition Type: NTFS
Drive D: | 448.66 Gb Total Space | 109.86 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 448.66 Gb Total Space | 447.93 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 175.42 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive G: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HOODFAMILY | User Name: DADDY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
PRC - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/10/11 15:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/10/05 09:06:40 | 003,416,968 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2guard.exe
PRC - [2010/09/07 07:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Utilities\Security\AVAST\AvastUI.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
PRC - [2010/07/27 13:46:08 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
========== Modules (SafeList) ==========
MOD - [2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
MOD - [2010/11/26 23:27:30 | 000,212,456 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\PROGRAMS FOLDER\UTILITIES\MUSIC & VIDEO PROGRAMS\MUSIC FILE PROGRAMS\ZUNE\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\3B.tmp -- (MEMSWEEP2)
DRV - [2010/10/19 23:21:35 | 001,425,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/07 06:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 06:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 06:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 06:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 06:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 06:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/09/02 17:11:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/01/13 11:18:36 | 001,730,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/04/08 13:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/13 22:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/01/03 06:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 D9 51 3D DF 76 CB 01 [binary data]
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\Firefox [2010/11/01 11:33:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/01 11:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/01 11:33:46 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4C21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [a-squared] D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast5] C:\Program Files\Utilities\Security\AVAST\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DADDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DADDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/27 13:57:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/17 13:56:01 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "ZuneWlanCfgSvc"
MsConfig - Services: "ZuneNetworkSvc"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WmiApSrv"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\VIDEO\VIDEO PLAYERS\QUICKTIME\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\MUSIC & VIDEO PROGRAMS\MUSIC FILE PROGRAMS\ZUNE\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319471614918656)
========== Files/Folders - Created Within 30 Days ==========
[2010/12/04 14:10:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
[2010/11/29 16:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Local Settings\Application Data\Temp
[2010/11/29 16:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/29 16:54:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/26 23:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\My Documents\Anti-Malware
[2010/11/24 16:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Desktop\TODAYS RECIPES
[2010/11/22 13:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/22 12:51:19 | 003,024,056 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\dfsetup200.exe
[2010/11/22 12:50:25 | 002,421,128 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\rcsetup138.exe
[2010/11/19 20:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Desktop\New Folder
[2010/11/09 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/11/08 23:49:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DADDY\Recent
[2010/11/08 23:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\My Documents\The KMPlayer
[2010/10/19 18:26:54 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/10/19 18:26:54 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
[2010/12/04 13:35:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/03 21:40:55 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Speccy.lnk
[2010/12/03 18:00:27 | 005,795,622 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\VIZIO - E370VL Manual - Final2.pdf
[2010/12/01 22:45:18 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\How do I get hidden images and downloads off my computer - Computers -PCs, laptops, hardware, software - Page 2 - City-Data Forum.url
[2010/12/01 19:42:17 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Comp Freezes, System Notifications, HJThis Log (2).url
[2010/11/30 23:24:21 | 001,950,160 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn - Guide - Settings.pdf
[2010/11/30 23:18:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 23:16:12 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Uninstall problem - THE DAEMON TOOLS FORUM.url
[2010/11/30 21:32:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Crime and Punishment - Wikipedia, the free encyclopedia.url
[2010/11/30 18:46:38 | 000,001,240 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn.lnk
[2010/11/30 18:38:27 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Conscious Vibes Principle of Least Privilege.url
[2010/11/30 18:07:23 | 001,566,576 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\SetupVirtualCloneDrive5440.exe
[2010/11/30 14:50:35 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Google Earth Google Earth Download.url
[2010/11/29 17:56:09 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/29 17:46:32 | 000,481,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 17:46:32 | 000,079,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 17:44:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/29 17:33:20 | 000,004,332 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\1143845875.htm
[2010/11/29 16:57:40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2010/11/28 14:48:39 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\psychapa.doc
[2010/11/27 21:23:58 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Startup Programs Database.url
[2010/11/26 23:18:56 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/11/26 13:08:36 | 001,514,229 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\InternetSafety.pdf
[2010/11/25 15:06:31 | 000,005,723 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Stuffing Recipes – Homemade Recipes for Turkey Stuffing - Delish.com.url
[2010/11/25 14:52:29 | 000,003,091 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Recycle Letter.rtf
[2010/11/25 12:43:04 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\RECYCLING LETTER.rtf
[2010/11/24 16:02:32 | 000,004,221 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Vegetable-Herb Stuffing - Thanksgiving Recipes - Delish.com.url
[2010/11/22 13:25:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/22 12:51:30 | 003,024,056 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\dfsetup200.exe
[2010/11/22 12:50:33 | 002,421,128 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\rcsetup138.exe
[2010/11/15 16:07:52 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\RECENT FILES.lnk
[2010/11/15 00:41:13 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Shortcut to Thomas.lnk
[2010/11/14 16:53:42 | 000,012,249 | ---- | M] () -- C:\WINDOWS\xnview.ini
[2010/11/10 00:26:27 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\What’s My Line (1950) - Free Movies, Watch TV online - Retrovision.tv.url
[2010/11/09 15:25:33 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\How to Boost Your BitTorrent Speed and Privacy.url
[2010/11/09 15:22:17 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/08 22:39:25 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\DADDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 14:27:50 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Sign In.url
[2010/11/07 12:06:03 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/12/03 21:40:55 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Speccy.lnk
[2010/12/03 18:00:27 | 005,795,622 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\VIZIO - E370VL Manual - Final2.pdf
[2010/12/01 22:45:18 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\How do I get hidden images and downloads off my computer - Computers -PCs, laptops, hardware, software - Page 2 - City-Data Forum.url
[2010/12/01 19:42:17 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Comp Freezes, System Notifications, HJThis Log (2).url
[2010/11/30 23:24:21 | 001,950,160 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn - Guide - Settings.pdf
[2010/11/30 23:16:12 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Uninstall problem - THE DAEMON TOOLS FORUM.url
[2010/11/30 21:32:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Crime and Punishment - Wikipedia, the free encyclopedia.url
[2010/11/30 18:46:38 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn.lnk
[2010/11/30 18:38:27 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Conscious Vibes Principle of Least Privilege.url
[2010/11/30 18:07:08 | 001,566,576 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\SetupVirtualCloneDrive5440.exe
[2010/11/30 14:50:35 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Google Earth Google Earth Download.url
[2010/11/29 17:43:00 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/29 17:33:20 | 000,004,332 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\1143845875.htm
[2010/11/29 16:57:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2010/11/28 14:48:39 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\psychapa.doc
[2010/11/27 21:23:58 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Startup Programs Database.url
[2010/11/26 23:18:56 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/11/26 13:08:32 | 001,514,229 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\InternetSafety.pdf
[2010/11/25 14:52:29 | 000,003,091 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Recycle Letter.rtf
[2010/11/25 12:43:04 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\RECYCLING LETTER.rtf
[2010/11/22 13:25:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/18 18:13:21 | 000,005,723 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Stuffing Recipes – Homemade Recipes for Turkey Stuffing - Delish.com.url
[2010/11/18 18:13:08 | 000,004,221 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Vegetable-Herb Stuffing - Thanksgiving Recipes - Delish.com.url
[2010/11/15 16:07:52 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\RECENT FILES.lnk
[2010/11/14 20:40:13 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Shortcut to Thomas.lnk
[2010/11/14 13:08:25 | 000,012,249 | ---- | C] () -- C:\WINDOWS\xnview.ini
[2010/11/10 00:26:27 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\What’s My Line (1950) - Free Movies, Watch TV online - Retrovision.tv.url
[2010/11/09 15:22:17 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/08 21:46:32 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\How to Boost Your BitTorrent Speed and Privacy.url
[2010/11/07 12:06:03 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2010/10/19 23:28:01 | 000,137,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/19 23:22:20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/07/26 19:36:00 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\burnaware.ini
[2010/06/28 22:44:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/28 20:42:22 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\DADDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 16:50:29 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2010/06/27 16:44:56 | 000,013,004 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/27 16:44:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/27 16:44:49 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/27 06:39:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== LOP Check ==========
[2010/07/10 14:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/02 17:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/04 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\Ashampoo
[2010/09/02 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\DAEMON Tools Lite
[2010/08/24 12:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\foobar2000
[2010/08/31 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\HamsterSoft
[2010/10/19 12:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\SoundSpectrum
[2010/10/26 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\Uniblue
[2010/11/09 23:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\uTorrent
[2010/11/10 20:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\XnView
[2010/11/14 13:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMY\Application Data\XnView
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010/06/27 06:36:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/27 06:36:47 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/27 06:36:47 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %SYSTEMDRIVE%\*.* >
[2010/06/27 13:57:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/26 10:34:05 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/06/27 13:57:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/27 13:57:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/27 13:57:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/04 13:35:36 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< >
< >
< End of report >
==========================================
==========================================
OTL Extras logfile created on: 12/4/2010 2:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DADDY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 6.74 Gb Free Space | 19.72% Space Free | Partition Type: NTFS
Drive D: | 448.66 Gb Total Space | 109.86 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 448.66 Gb Total Space | 447.93 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 175.42 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive G: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HOODFAMILY | User Name: DADDY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- Reg Error: Key error.
Directory [explore] -- C:\WINDOWS\explorer.exe "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OPEN_WIDE] -- C:\WINDOWS\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Utilities\Security\AVG\AVG9\avgui.exe" = C:\Program Files\Utilities\Security\AVG\AVG9\avgui.exe:*:Enabled:AVG Free User Interface -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\7-Zip\7zFM.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\7-Zip\7zFM.exe:*:Disabled:7-Zip File Manager -- (Igor Pavlov)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Utilities\Security\AVG\AVG9\avgtray.exe" = C:\Program Files\Utilities\Security\AVG\AVG9\avgtray.exe:*:Disabled:AVG Free Tray Icon -- File not found
"F:\Program Files\File Sharing Programs\uTorrent.exe" = F:\Program Files\File Sharing Programs\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT\uTorrent.exe:*:Enabled:µTorrent -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT\uTorrent.exe:*:Enabled:µTorrent -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT 2.0.2\uTorrent 2.0.2..exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT 2.0.2\uTorrent 2.0.2..exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT 1.8.2\uTorrent 1.8.2..exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT 1.8.2\uTorrent 1.8.2..exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\uTorrent 2.0.4\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\uTorrent 2.0.4\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D777040-B426-44F8-8AA5-4EA26C38ECAE}" = Club Bing Toolbar Helper
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35B36EA-39FE-4AA8-8119-D66B060C9E72}" = Club Bing Toolbar
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"BurnAware Free_is1" = BurnAware Free 3.0.1
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"ClubBingToolbar" = Club Bing Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Timer_is1" = Cool Timer 3.6
"CSCLIB" = Canon Camera Support Core Library
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"EOS Utility" = Canon Utilities EOS Utility
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"File Renamer - Basic" = File Renamer - Basic
"foobar2000" = foobar2000 v1.0.3
"G-Force" = G-Force
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Speccy" = Speccy
"TagScanner_is1" = TagScanner 5.1 build 571
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XnView_is1" = XnView 1.97.6
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zune" = Zune
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/4/2010 5:47:56 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 10/12/2010 9:34:00 PM | Computer Name = HOODFAMILY | Source = Windows Product Activation | ID = 1012
Description = Due to hardware changes on this computer, you will need to reactivate
your Windows product.
Error - 10/13/2010 8:10:06 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 10/15/2010 5:51:35 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 10/22/2010 8:51:35 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 11/3/2010 5:43:23 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 11/4/2010 8:25:08 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
Error - 11/29/2010 9:56:30 PM | Computer Name = HOODFAMILY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 12/1/2010 12:16:24 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =
[ System Events ]
Error - 10/12/2010 9:43:35 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 10/12/2010 10:08:15 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 10/13/2010 10:20:06 AM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 71.156.65.64 on
the Network Card with network address 002215C3F052.
Error - 10/13/2010 10:21:01 AM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/13/2010 7:05:00 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/18/2010 5:32:05 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 10/18/2010 5:32:06 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/19/2010 3:52:36 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 10/19/2010 3:52:37 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/19/2010 8:38:58 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
< End of report >
==========================================
==========================================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-04 14:54:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD1002FAEX-00Z3A0 rev.05.01D05
Running: gmer.exe; Driver: C:\DOCUME~1\DADDY\LOCALS~1\Temp\kwdiafob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8D6ECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8D6EBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA8D6F160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA8D6F08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8D6E782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8D6EC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA8D6E6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8D6E726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8D6EDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8D6F22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8D6ED66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8D6EEE6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8D7BBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8D7B9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8D7BB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A8D7BB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A8D7B9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A8D775D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A8D78FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A8D7BBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71850F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71820F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71880F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718E0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718B0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendInput + 4 7E42F144 2 Bytes [93, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71910F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71970F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceNextW 00E63181 6 Bytes JMP 71760F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceEnd 00E6350E 6 Bytes JMP 71820F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceBeginW 00E635EF 6 Bytes JMP 71790F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!connect 00E64A07 6 Bytes JMP 717F0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!listen 00E68CD3 6 Bytes JMP 717C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!getaddrinfo 023F2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceNextW 023F3181 6 Bytes JMP 71790F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceEnd 023F350E 6 Bytes JMP 71820F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceBeginW 023F35EF 6 Bytes JMP 717C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!closesocket 023F3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!socket 023F4211 3 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!socket + 4 023F4215 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!connect 023F4A07 3 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!connect + 4 023F4A0B 2 Bytes [44, CC] {INC ESP; INT 3 }
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send 023F4C27 3 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send + 4 023F4C2B 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!recv 023F676F 3 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!recv + 4 023F6773 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!listen 023F8CD3 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\Explorer.EXE[2976] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\Explorer.EXE[2976] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceNextW 02353181 6 Bytes JMP 71790F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceEnd 0235350E 6 Bytes JMP 71760F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceBeginW 023535EF 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!connect 02354A07 6 Bytes JMP 71820F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!listen 02358CD3 6 Bytes JMP 717F0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7A, 71] {JP 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [71, 71] {JNO 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [77, 71] {JA 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71A80F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendInput + 4 7E42F144 2 Bytes [92, 71]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71900F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71960F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceNextW 01043181 6 Bytes JMP 717C0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceEnd 0104350E 6 Bytes JMP 71790F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceBeginW 010435EF 6 Bytes JMP 717F0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!connect 01044A07 6 Bytes JMP 71760F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!listen 01048CD3 6 Bytes JMP 71820F5A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\WudfRd \Device\UMDFCtrlDev-7b5d2830-ffee-11df-97cc-002215c3f052 A6EF5156
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x52 0xED 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x96 0x85 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEF 0x33 0x03 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x52 0xED 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x96 0x85 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEF 0x33 0x03 0x13 ...
---- EOF - GMER 1.0.15 ----
====================================
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 04/12/2010 (DADDY)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
=================
Thanks again