
Comp Freezes, System Notifications, HJThis Log


  • This topic is locked
39 replies to this topic

#1 Tuberocity

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 27 November 2010 - 06:26 PM

Short as possible, my computer freezes sporadically at a rate of 0-5 times a day, and has been doing so for many months. These are what I would term hard freezes, meaning I am unable to use the Task Manager or Start menu to shut down; I must use the off button for a complete shutdown, or use the reset button and reboot. No error codes have ever appeared. Also for many months, I have been getting system notifications many times a day by way of balloon.wav. The popup is so fast that I cannot tell what notification it is sending.

Running XP's firewall at medium along with Avast Home/Free version with all shields on, and installed Emsisoft Anti-Malware last night, which picked up (Gen.Variant!IK = C:\System Volume Information\_restore{06B934D9-3F84-4F52-842B-2ED7421B7B52}\RP151\A0121235.dll = HIGH RISK) and quarantined it. I have its guard running along with Avast, as it stated on their site that there are no conflicts, and so far, so good. I also use MBAM, CCleaner, Sophos, and various online scanners every so often. I've been using this site for quite a while for answers, and can usually fix most problems, like finding out why that balloon.wav keeps sounding off, what sound it was, and what it was attached to, but have never had my HijackThis log analyzed. I run MBAM & Avast through the context menu on every file I download, but I'm sure I am not perfect in this endeavor. lol Thanks in advance for any advice you may have for me.

Running Windows XP Home, fairly new install on a 1TB Caviar Black with three partitions, one 35GB for XP and two more at 448GB each. Also using my original drive, a 320GB Caviar Blue, which still has bits and pieces of the old Windows on it; the Windows directory has been deleted. I am currently deleting and moving things around on the 320 drive, and when it is empty I will reformat the drive and use it for storage or a dual-boot system. Other equipment includes a Sony CD/DVD WR/RW external USB drive for my CD & DVD needs, an MS wireless mouse, MS wired USB keyboard, Asus MB, Intel dual 2200 CPU, graphics onboard, 2GB memory running in single-channel mode but capable of dual mode, and an HP 2009m 20" monitor. Not sure if all this is needed, but I think that about covers it.

Here is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:03:44 PM, on 11/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\DADDY\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Club Bing Toolbar - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll
O3 - Toolbar: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMS FOLDER\UTILITIES\VIDEO\VIDEO PLAYERS\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [a-squared] "D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

--
End of file - 6588 bytes

Edited by Tuberocity, 27 November 2010 - 09:35 PM.
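The HijackThis log above is the kind of thing the Malware Response Team reads by hand: orphaned CLSID registrations, IE start/search pages, HOSTS overrides, autorun locations and ActiveX (O16 DPF) download hosts. As an added example, not code from this thread or from HijackThis, the Python script below parses HJT 2.0.x entry lines and applies those first-pass triage rules. The allowlists (go.microsoft.com, www.msn.com, update.microsoft.com) and the "suspicious autorun directory" substrings are my assumptions, not HijackThis logic. The sample log is constructed: most lines are copied from the log above, and three deliberately bad lines (a start page on search.hijack.example, a HOSTS entry for 10.0.0.5, an autorun from Local Settings\Temp) were added so that every rule fires at least once.

```python
"""First-pass triage of HijackThis 2.0.x log entries (added example, not HJT code)."""
import re
from dataclasses import dataclass, field

# Constructed sample log: entries copied from the thread's log plus three
# deliberately suspicious lines (the hijack.example start page, the 10.0.0.5
# HOSTS entry and the Temp-directory autorun) that were NOT in the original.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hijack.example/?q=
O1 - Hosts: 10.0.0.5 www.example.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe /nogui
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\DADDY\Local Settings\Temp\svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
HOST_RE = re.compile(r"https?://([^/\s?]+)", re.I)

# Assumed allowlists: the only hosts the thread's own log shows for IE defaults
# and for ActiveX downloads. Anything else is surfaced for a human to judge.
KNOWN_IE_HOSTS = {"go.microsoft.com", "www.msn.com"}
KNOWN_DPF_HOSTS = {"update.microsoft.com"}
# Assumed: autorun targets living in temp or profile-data folders deserve a look.
SUSPICIOUS_RUN_DIRS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    section: str          # e.g. "O4"
    body: str             # everything after "O4 - "
    raw: str
    findings: list = field(default_factory=list)


def parse_entries(text: str) -> list:
    """Return one Entry per 'Rn - ...' / 'On - ...' line; headers and the
    'Running processes' block do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], raw.strip()))
    return entries


def host_of(body: str):
    """Hostname of the first http(s) URL in an entry body, lower-cased, or None."""
    m = HOST_RE.search(body)
    return m.group(1).lower() if m else None


def triage(entries: list) -> list:
    """Attach findings to each entry in place; return only the flagged ones."""
    for e in entries:
        b = e.body
        if "(no file)" in b or "(file missing)" in b:
            e.findings.append("orphaned registration (target file missing)")
        if e.section in ("R0", "R1"):
            h = host_of(b)
            if h and h not in KNOWN_IE_HOSTS:
                e.findings.append(f"IE start/search page points at {h}")
        elif e.section == "O1":
            parts = b.split()  # "Hosts: <ip> <name>"
            if not (len(parts) >= 3 and parts[1] == "127.0.0.1" and parts[2] == "localhost"):
                e.findings.append("HOSTS file override")
        elif e.section == "O4":
            if any(d in b.lower() for d in SUSPICIOUS_RUN_DIRS):
                e.findings.append("autorun from a temp/profile-data directory")
        elif e.section == "O16":
            h = host_of(b)
            if h and h not in KNOWN_DPF_HOSTS:
                e.findings.append(f"ActiveX download from {h}")
    return [e for e in entries if e.findings]


def report(text: str) -> list:
    """One line per flagged entry: '<section>: <finding>; ... | <raw line>'."""
    return [f"{e.section}: {'; '.join(e.findings)} | {e.raw}"
            for e in triage(parse_entries(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

The rules are deliberately conservative: an entry is only surfaced, never auto-removed, because "(no file)" leftovers and unfamiliar DPF hosts are just as often residue from an uninstalled toolbar or a legitimate system-requirements checker as they are malware. The point is to get the handful of lines worth a second look out of a 6 KB log.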




#2 Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 01 December 2010 - 10:41 PM

I guess you cannot edit after a few days? I needed to add this, as it may be symptomatic. I ran the Emsisoft full version before posting this, as I stated above, and since then I have not had one freeze. Emsisoft is stopping just about every connection and cookie, it seems, to my computer. I'm now wondering if these connections or cookies were causing my freeze-ups and system notifications? Oh ****, this is going to bump me. I'll say sorry to myself then, back to the end of the line hehe
How does the edit work? There is no edit button or link on my original post. Thanks again

#3 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:54 AM

Posted 04 December 2010 - 08:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 04 December 2010 - 06:19 PM

Hi, and thank you so much for the help and time.
Have Emsisoft running as stated, and the computer didn't freeze for 5-6 days, but alas, it is now freezing again. It's been freezing on me for many months, even on the old drive. One reason I bought the new drive was to get a fresh install of Windows going, and now I am back where I was with the freezing problem. However, I have not heard the system balloon.wav since Emsisoft was installed. The only thing I have done while waiting for a response was to run the ESET online scanner, and it came up with no infections, so that didn't change anything.

I had already disabled sptd by turning it off in the registry with the 04 parameter, because I am using ImgBurn and it warned of the driver. I will post the Defog log as well since it's short.

Here are the logs requested

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:19:07 PM, on 12/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\DADDY\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Club Bing Toolbar - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll
O3 - Toolbar: Club Bing Toolbar Helper - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [a-squared] "D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMS FOLDER\UTILITIES\VIDEO\VIDEO PLAYERS\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

--
End of file - 6696 bytes


===============================
===============================
OTL logfile created on: 12/4/2010 2:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DADDY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 6.74 Gb Free Space | 19.72% Space Free | Partition Type: NTFS
Drive D: | 448.66 Gb Total Space | 109.86 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 448.66 Gb Total Space | 447.93 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 175.42 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive G: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOODFAMILY | User Name: DADDY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
PRC - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/10/11 15:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/10/05 09:06:40 | 003,416,968 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2guard.exe
PRC - [2010/09/07 07:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Utilities\Security\AVAST\AvastUI.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe
PRC - [2010/07/27 13:46:08 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
MOD - [2010/11/26 23:27:30 | 000,212,456 | ---- | M] (Emsi Software GmbH) -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\PROGRAMS FOLDER\UTILITIES\MUSIC & VIDEO PROGRAMS\MUSIC FILE PROGRAMS\ZUNE\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\3B.tmp -- (MEMSWEEP2)
DRV - [2010/10/19 23:21:35 | 001,425,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/07 06:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 06:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 06:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 06:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 06:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 06:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/09/02 17:11:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- D:\PROGRAMS FOLDER\UTILITIES\SECURITY\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/01/13 11:18:36 | 001,730,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/04/08 13:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/13 22:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/01/03 06:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 D9 51 3D DF 76 CB 01 [binary data]
IE - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\Firefox [2010/11/01 11:33:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/01 11:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/01 11:33:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4C21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [a-squared] D:\PROGRAMS FOLDER\UTILITIES\SECURITY\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast5] C:\Program Files\Utilities\Security\AVAST\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277687844046 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DADDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DADDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/27 13:57:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/17 13:56:01 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "ZuneWlanCfgSvc"
MsConfig - Services: "ZuneNetworkSvc"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WmiApSrv"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\VIDEO\VIDEO PLAYERS\QUICKTIME\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - D:\PROGRAMS FOLDER\UTILITIES\MUSIC & VIDEO PROGRAMS\MUSIC FILE PROGRAMS\ZUNE\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319471614918656)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 14:10:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
[2010/11/29 16:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Local Settings\Application Data\Temp
[2010/11/29 16:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/29 16:54:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/26 23:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\My Documents\Anti-Malware
[2010/11/24 16:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Desktop\TODAYS RECIPES
[2010/11/22 13:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/22 12:51:19 | 003,024,056 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\dfsetup200.exe
[2010/11/22 12:50:25 | 002,421,128 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\rcsetup138.exe
[2010/11/19 20:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\Desktop\New Folder
[2010/11/09 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/11/08 23:49:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DADDY\Recent
[2010/11/08 23:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DADDY\My Documents\The KMPlayer
[2010/10/19 18:26:54 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/10/19 18:26:54 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/04 14:10:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DADDY\Desktop\OTL.exe
[2010/12/04 13:35:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/03 21:40:55 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Speccy.lnk
[2010/12/03 18:00:27 | 005,795,622 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\VIZIO - E370VL Manual - Final2.pdf
[2010/12/01 22:45:18 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\How do I get hidden images and downloads off my computer - Computers -PCs, laptops, hardware, software - Page 2 - City-Data Forum.url
[2010/12/01 19:42:17 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Comp Freezes, System Notifications, HJThis Log (2).url
[2010/11/30 23:24:21 | 001,950,160 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn - Guide - Settings.pdf
[2010/11/30 23:18:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 23:16:12 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Uninstall problem - THE DAEMON TOOLS FORUM.url
[2010/11/30 21:32:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Crime and Punishment - Wikipedia, the free encyclopedia.url
[2010/11/30 18:46:38 | 000,001,240 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn.lnk
[2010/11/30 18:38:27 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Conscious Vibes Principle of Least Privilege.url
[2010/11/30 18:07:23 | 001,566,576 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\SetupVirtualCloneDrive5440.exe
[2010/11/30 14:50:35 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Google Earth Google Earth Download.url
[2010/11/29 17:56:09 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/29 17:46:32 | 000,481,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 17:46:32 | 000,079,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 17:44:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/29 17:33:20 | 000,004,332 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\1143845875.htm
[2010/11/29 16:57:40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2010/11/28 14:48:39 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\psychapa.doc
[2010/11/27 21:23:58 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Startup Programs Database.url
[2010/11/26 23:18:56 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/11/26 13:08:36 | 001,514,229 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\InternetSafety.pdf
[2010/11/25 15:06:31 | 000,005,723 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Stuffing Recipes – Homemade Recipes for Turkey Stuffing - Delish.com.url
[2010/11/25 14:52:29 | 000,003,091 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Recycle Letter.rtf
[2010/11/25 12:43:04 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\RECYCLING LETTER.rtf
[2010/11/24 16:02:32 | 000,004,221 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Vegetable-Herb Stuffing - Thanksgiving Recipes - Delish.com.url
[2010/11/22 13:25:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/22 12:51:30 | 003,024,056 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\dfsetup200.exe
[2010/11/22 12:50:33 | 002,421,128 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DADDY\Desktop\rcsetup138.exe
[2010/11/15 16:07:52 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\RECENT FILES.lnk
[2010/11/15 00:41:13 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Shortcut to Thomas.lnk
[2010/11/14 16:53:42 | 000,012,249 | ---- | M] () -- C:\WINDOWS\xnview.ini
[2010/11/10 00:26:27 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\What’s My Line (1950) - Free Movies, Watch TV online - Retrovision.tv.url
[2010/11/09 15:25:33 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\How to Boost Your BitTorrent Speed and Privacy.url
[2010/11/09 15:22:17 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/08 22:39:25 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\DADDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 14:27:50 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\DADDY\Desktop\Sign In.url
[2010/11/07 12:06:03 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 21:40:55 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Speccy.lnk
[2010/12/03 18:00:27 | 005,795,622 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\VIZIO - E370VL Manual - Final2.pdf
[2010/12/01 22:45:18 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\How do I get hidden images and downloads off my computer - Computers -PCs, laptops, hardware, software - Page 2 - City-Data Forum.url
[2010/12/01 19:42:17 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Comp Freezes, System Notifications, HJThis Log (2).url
[2010/11/30 23:24:21 | 001,950,160 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn - Guide - Settings.pdf
[2010/11/30 23:16:12 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Uninstall problem - THE DAEMON TOOLS FORUM.url
[2010/11/30 21:32:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Crime and Punishment - Wikipedia, the free encyclopedia.url
[2010/11/30 18:46:38 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\ImgBurn.lnk
[2010/11/30 18:38:27 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Conscious Vibes Principle of Least Privilege.url
[2010/11/30 18:07:08 | 001,566,576 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\SetupVirtualCloneDrive5440.exe
[2010/11/30 14:50:35 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Google Earth Google Earth Download.url
[2010/11/29 17:43:00 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/29 17:33:20 | 000,004,332 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\1143845875.htm
[2010/11/29 16:57:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2010/11/28 14:48:39 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\psychapa.doc
[2010/11/27 21:23:58 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Startup Programs Database.url
[2010/11/26 23:18:56 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/11/26 13:08:32 | 001,514,229 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\InternetSafety.pdf
[2010/11/25 14:52:29 | 000,003,091 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Recycle Letter.rtf
[2010/11/25 12:43:04 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\RECYCLING LETTER.rtf
[2010/11/22 13:25:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/18 18:13:21 | 000,005,723 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Stuffing Recipes – Homemade Recipes for Turkey Stuffing - Delish.com.url
[2010/11/18 18:13:08 | 000,004,221 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Vegetable-Herb Stuffing - Thanksgiving Recipes - Delish.com.url
[2010/11/15 16:07:52 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\RECENT FILES.lnk
[2010/11/14 20:40:13 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\Shortcut to Thomas.lnk
[2010/11/14 13:08:25 | 000,012,249 | ---- | C] () -- C:\WINDOWS\xnview.ini
[2010/11/10 00:26:27 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\What’s My Line (1950) - Free Movies, Watch TV online - Retrovision.tv.url
[2010/11/09 15:22:17 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/08 21:46:32 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\DADDY\Desktop\How to Boost Your BitTorrent Speed and Privacy.url
[2010/11/07 12:06:03 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2010/10/19 23:28:01 | 000,137,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/19 23:22:20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/07/26 19:36:00 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\DADDY\Application Data\burnaware.ini
[2010/06/28 22:44:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/28 20:42:22 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\DADDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 16:50:29 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2010/06/27 16:44:56 | 000,013,004 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/27 16:44:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/27 16:44:49 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/27 06:39:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/07/10 14:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/02 17:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/04 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\Ashampoo
[2010/09/02 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\DAEMON Tools Lite
[2010/08/24 12:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\foobar2000
[2010/08/31 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\HamsterSoft
[2010/10/19 12:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\SoundSpectrum
[2010/10/26 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\Uniblue
[2010/11/09 23:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\uTorrent
[2010/11/10 20:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DADDY\Application Data\XnView
[2010/11/14 13:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMY\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/27 06:36:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/27 06:36:47 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/27 06:36:47 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/06/27 13:57:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/26 10:34:05 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/06/27 13:57:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/27 13:57:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/27 13:57:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/04 13:35:36 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

< >

< End of report >
==========================================
==========================================
OTL Extras logfile created on: 12/4/2010 2:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DADDY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 6.74 Gb Free Space | 19.72% Space Free | Partition Type: NTFS
Drive D: | 448.66 Gb Total Space | 109.86 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 448.66 Gb Total Space | 447.93 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 175.42 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive G: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOODFAMILY | User Name: DADDY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- Reg Error: Key error.
Directory [explore] -- C:\WINDOWS\explorer.exe "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OPEN_WIDE] -- C:\WINDOWS\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Utilities\Security\AVG\AVG9\avgui.exe" = C:\Program Files\Utilities\Security\AVG\AVG9\avgui.exe:*:Enabled:AVG Free User Interface -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\7-Zip\7zFM.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\7-Zip\7zFM.exe:*:Disabled:7-Zip File Manager -- (Igor Pavlov)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Utilities\Security\AVG\AVG9\avgtray.exe" = C:\Program Files\Utilities\Security\AVG\AVG9\avgtray.exe:*:Disabled:AVG Free Tray Icon -- File not found
"F:\Program Files\File Sharing Programs\uTorrent.exe" = F:\Program Files\File Sharing Programs\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT\uTorrent.exe:*:Enabled:µTorrent -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT\uTorrent.exe:*:Enabled:µTorrent -- File not found
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT 2.0.2\uTorrent 2.0.2..exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\U-TORRENT 2.0.2\uTorrent 2.0.2..exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT 1.8.2\uTorrent 1.8.2..exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\UTORRENT 1.8.2\uTorrent 1.8.2..exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\uTorrent 2.0.4\uTorrent.exe" = D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\uTorrent 2.0.4\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D777040-B426-44F8-8AA5-4EA26C38ECAE}" = Club Bing Toolbar Helper
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35B36EA-39FE-4AA8-8119-D66B060C9E72}" = Club Bing Toolbar
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"BurnAware Free_is1" = BurnAware Free 3.0.1
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"ClubBingToolbar" = Club Bing Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Timer_is1" = Cool Timer 3.6
"CSCLIB" = Canon Camera Support Core Library
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"EOS Utility" = Canon Utilities EOS Utility
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"File Renamer - Basic" = File Renamer - Basic
"foobar2000" = foobar2000 v1.0.3
"G-Force" = G-Force
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Speccy" = Speccy
"TagScanner_is1" = TagScanner 5.1 build 571
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XnView_is1" = XnView 1.97.6
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1682526488-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2010 5:47:56 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 10/12/2010 9:34:00 PM | Computer Name = HOODFAMILY | Source = Windows Product Activation | ID = 1012
Description = Due to hardware changes on this computer, you will need to reactivate
your Windows product.

Error - 10/13/2010 8:10:06 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 10/15/2010 5:51:35 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 10/22/2010 8:51:35 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 11/3/2010 5:43:23 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 11/4/2010 8:25:08 PM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

Error - 11/29/2010 9:56:30 PM | Computer Name = HOODFAMILY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 12/1/2010 12:16:24 AM | Computer Name = HOODFAMILY | Source = WPDMTPDriver | ID = 80836
Description =

[ System Events ]
Error - 10/12/2010 9:43:35 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/12/2010 10:08:15 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/13/2010 10:20:06 AM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 71.156.65.64 on
the Network Card with network address 002215C3F052.

Error - 10/13/2010 10:21:01 AM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/13/2010 7:05:00 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/18/2010 5:32:05 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/18/2010 5:32:06 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/19/2010 3:52:36 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/19/2010 3:52:37 PM | Computer Name = HOODFAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002215C3F052 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/19/2010 8:38:58 PM | Computer Name = HOODFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >
==========================================
==========================================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-04 14:54:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD1002FAEX-00Z3A0 rev.05.01D05
Running: gmer.exe; Driver: C:\DOCUME~1\DADDY\LOCALS~1\Temp\kwdiafob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8D6ECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8D6EBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA8D6F160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA8D6F08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8D6E782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8D6EC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA8D6E6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8D6E726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8D6EDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8D6F22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8D6ED66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8D6EEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8D7BBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8D7B9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8D7BB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A8D7BB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A8D7B9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A8D775D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A8D78FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A8D7BBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71850F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71820F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71880F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718E0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718B0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendInput + 4 7E42F144 2 Bytes [93, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71910F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71970F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1260] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Utilities\Security\AVAST\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\DADDY\Desktop\gmer\gmer.exe[1508] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceNextW 00E63181 6 Bytes JMP 71760F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceEnd 00E6350E 6 Bytes JMP 71820F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!WSALookupServiceBeginW 00E635EF 6 Bytes JMP 71790F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!connect 00E64A07 6 Bytes JMP 717F0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2604] ws2_32.dll!listen 00E68CD3 6 Bytes JMP 717C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!getaddrinfo 023F2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceNextW 023F3181 6 Bytes JMP 71790F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceEnd 023F350E 6 Bytes JMP 71820F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!WSALookupServiceBeginW 023F35EF 6 Bytes JMP 717C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!closesocket 023F3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!socket 023F4211 3 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!socket + 4 023F4215 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!connect 023F4A07 3 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!connect + 4 023F4A0B 2 Bytes [44, CC] {INC ESP; INT 3 }
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send 023F4C27 3 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send + 4 023F4C2B 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!recv 023F676F 3 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!recv + 4 023F6773 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!listen 023F8CD3 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\Explorer.EXE[2976] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\Explorer.EXE[2976] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[2976] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceNextW 02353181 6 Bytes JMP 71790F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceEnd 0235350E 6 Bytes JMP 71760F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!WSALookupServiceBeginW 023535EF 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!connect 02354A07 6 Bytes JMP 71820F5A
.text C:\WINDOWS\Explorer.EXE[2976] WS2_32.dll!listen 02358CD3 6 Bytes JMP 717F0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7A, 71] {JP 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [71, 71] {JNO 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [77, 71] {JA 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71A80F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendInput + 4 7E42F144 2 Bytes [92, 71]
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71900F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\UTILIT~1\Security\AVAST\avastUI.exe[3096] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71960F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\hkcmd.exe[3236] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxpers.exe[3332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3356] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceNextW 01043181 6 Bytes JMP 717C0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceEnd 0104350E 6 Bytes JMP 71790F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!WSALookupServiceBeginW 010435EF 6 Bytes JMP 717F0F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!connect 01044A07 6 Bytes JMP 71760F5A
.text C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe[3380] WS2_32.dll!listen 01048CD3 6 Bytes JMP 71820F5A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\WudfRd \Device\UMDFCtrlDev-7b5d2830-ffee-11df-97cc-002215c3f052 A6EF5156

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x52 0xED 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x96 0x85 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEF 0x33 0x03 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\PROGRAMS FOLDER\UTILITIES\FILE UTILITIES\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x52 0xED 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0x96 0x85 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEF 0x33 0x03 0x13 ...

---- EOF - GMER 1.0.15 ----

====================================
====================================

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 04/12/2010 (DADDY)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

=================

Thanks again
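Reading a hook listing like the one above line by line is tedious, so here is a small triage script, an added example that is not part of the original post or of GMER itself. It parses the user-mode `.text` entries and sorts each process's hooks into three buckets: targets GMER attributed to a module, targets it could not attribute, and raw inline patches. The regexes are assumptions derived from the line format shown above, and the sample lines are excerpted from that log.

```python
"""Triage helper for the GMER "User code sections" hook listing.

Each .text line records one user-mode API hook: the process, the export
that was patched, how many bytes, and either where control now goes
(JMP/CALL target, optionally attributed to a module) or the raw bytes
written in place. The patterns below are assumptions derived from the
log format shown on this page, not GMER's own specification.
"""
import re
from collections import Counter, defaultdict

# One hook record. The process path may contain spaces, so the "[pid]"
# bracket is what anchors the end of it.
_LINE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)(?:\s\+\s(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# "JMP 46CB3B92 C:\...\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)"
# or a bare "JMP 71AC0F5A" when GMER could not tie the target to a module.
_XFER = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<hookmod>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# "[FF, 25, 1E]" or "[44, CC] {INC ESP; INT 3 }": bytes overwritten in place.
_BYTES = re.compile(r"^\[(?P<bytes>[^\]]*)\](?:\s*\{(?P<disasm>[^}]*)\})?\s*$")


def parse_hook_line(line):
    """Return a dict for one .text hook line, or None if the line is not one."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    rec = {
        "process": m.group("proc"),
        "pid": int(m.group("pid")),
        "export": f"{m.group('mod')}!{m.group('func')}",
        "offset": int(m.group("off"), 16) if m.group("off") else 0,
        "address": int(m.group("addr"), 16),
        "size": int(m.group("size")),
    }
    rest = m.group("rest")
    x = _XFER.match(rest)
    if x:
        rec.update(kind=x.group("kind"), target=int(x.group("target"), 16),
                   hook_module=x.group("hookmod"), description=x.group("desc"),
                   raw_bytes=None)
        return rec
    b = _BYTES.match(rest)
    if b:
        raw = bytes(int(h, 16) for h in b.group("bytes").split(",") if h.strip())
        rec.update(kind="PATCH", target=None, hook_module=None,
                   description=b.group("disasm"), raw_bytes=raw)
        return rec
    # Unrecognised tail: keep it verbatim rather than guess.
    rec.update(kind="UNKNOWN", target=None, hook_module=None,
               description=rest, raw_bytes=None)
    return rec


def parse_log(text):
    """Parse every .text hook line in a GMER log; all other lines are skipped."""
    return [r for r in (parse_hook_line(l) for l in text.splitlines()) if r]


def summarize(records):
    """Group hooks by process into three triage buckets.

    attributed   - GMER named the module that owns the JMP/CALL target;
                   the vendor string tells you whether it is expected.
    unattributed - a target address GMER could not tie to a module; work
                   out which module owns it before drawing conclusions.
    patched      - bytes overwritten at the export. FF 25 is the opcode of
                   an absolute indirect jmp; GMER lists the 6-byte patch as
                   a 3-byte and a "+ 4" 2-byte fragment on adjacent lines.
    """
    out = defaultdict(lambda: {"attributed": Counter(),
                               "unattributed": {}, "patched": set()})
    for r in records:
        bucket = out[f"{r['process']}[{r['pid']}]"]
        if r["kind"] in ("JMP", "CALL"):
            if r["hook_module"]:
                bucket["attributed"][r["hook_module"]] += 1
            else:
                bucket["unattributed"].setdefault(r["export"], r["target"])
        elif r["kind"] == "PATCH":
            bucket["patched"].add(r["export"])
    return dict(out)


# Sample lines excerpted from the log above (IEXPLORE.EXE and Explorer.EXE).
SAMPLE = r"""
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send 023F4C27 3 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!send + 4 023F4C2B 1 Byte [44]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2976] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2640] ws2_32.dll!connect + 4 023F4A0B 2 Bytes [44, CC] {INC ESP; INT 3 }
"""

if __name__ == "__main__":
    for proc, buckets in summarize(parse_log(SAMPLE)).items():
        print(proc)
        for mod, n in buckets["attributed"].items():
            print(f"  attributed   {n:3d} hook(s) -> {mod}")
        for export, target in buckets["unattributed"].items():
            print(f"  unattributed {export} -> {target:08X} (owner unknown)")
        for export in sorted(buckets["patched"]):
            print(f"  patched      {export}")
```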

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:54 AM

Posted 05 December 2010 - 11:56 AM

Hello, Tuberocity.

I would still recommend uninstalling Emi-Soft and just using Avast. Antiviruses often conflict, even when they claim it is ok to run side by side. I will leave that choice up to you.

This may not be malware related, I'm not seeing much at first glance. Is your computer running hot?

You were infected at one point, although Emi-soft got a file in your system restore that was not active.

Please tell me more about this:

Also for many months, I have been getting system notifications many times a day by way of the baloon.wav



P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between each other, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Step 1


Do you know what this HTML file is?

C:\Documents and Settings\DADDY\Desktop\1143845875.htm

Step 2

Please launch MBAM, update it first, then run a quick scan and post the resulting log here.

Step 3

Scan With RKUnHooker


Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 Tuberocity

Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 05 December 2010 - 05:11 PM

Hi etavares, in regards to the balloon.wav. It, as far as I know, is connected with only the system notification, and no other process. I was getting this daily multiple times, but have not heard it in the last few weeks since installing Emsisoft.

As to the restore file Emsisoft removed, it also reinstalled it? Emsisoft updated itself, and through a pop up said it had misidentified the file as infected, and did I want to restore the file. I clicked yes as it said the file was fine. If it is a restore file, I have no need of it, and if I had thought for a second, I would not have restored it.

The link Explorer 1143845875 is simply a Microsoft request - Question from myself for information on why I was being offered updates for Office 2003 when I do not have Office installed on my computer. They said because I had the Microsoft free office Word doc. reader installed, I should install the updates, and let them know if there are any problems. I got the email yesterday, and will not install anything until we are done here, unless you specify it ok to do so?

I know P2P is dangerous, and am taking risks when using it, but I take as many precautions as I can by running various programs, online and off. I don't use P2P daily by any means, maybe 1 - 4 times a month.

Regarding CCleaner, I always use the back up registry option, and actually did have Erunt on the previous install so would have two backups of the registry if needed. Since the new install, as you know, I have not reinstalled yet, but will do so.

As to RKUnhooker, I downloaded from the first 2 links mentioned, and got the same result ( 02 Error loading data file & same on zipped file from second link listed ) so was unable to get a log from it. I looked on the net for another download, and saw some flaming - very bad review of this program so will wait for your instruction on this.

Ran MBAM, and here is the log. It did find something, but may just be that I have auto updates turned off, but then again, it may be nefarious in nature. I look forward to what you have to say, and thanks again. Tom

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/5/2010 1:08:17 PM
mbam-log-2010-12-05 (13-08-05).txt

Scan type: Quick scan
Objects scanned: 153714
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Tuberocity

Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 05 December 2010 - 05:15 PM

Security center says my firewall is on, antivirus on, auto updates off.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:54 AM

Posted 06 December 2010 - 07:17 PM

Hello, Tuberocity.

We'll run another antivirus scan that will detect if it should have been removed or not. Not super critical unless you do a System Restore.

Thanks for the other info.

CCLeaner does back up the registry...but if you can't boot, you can't easily restore. That is where ERUNT comes in handy.

RKU is a legitimate program, but like all software, it can be faked online. Best to not download it from links I don't directly provide.

The MBAM would detect your update setting as malware...keeping your system up to date is critical. Not doing so means that known holes in your system are not patched, rendering you much more susceptible to viruses.

I'm not seeing much, so Emi-soft may have solved a lot.


Please do NOT check remove found threats with the below instructions:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#9 Tuberocity

Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:SO CAL
  • Local time:01:54 AM

Posted 07 December 2010 - 07:46 PM

Hi again etavares, lol I ran ESET while waiting for a reply on BleepingComputer, and it came up with no threats found, but I ran it again as you suggested, but left the remove threats checked, so had to restart. lol luckily it was only at 7% so no big deal. ESET, as was the case last time I ran it, found nothing, so no log.

I have reinstalled ERUNT also, been meaning to do that, thanks for the reminder.

I read up a lot before seeking help on BleepingComputer, and ran numerous good scans, such as ESET, and always read reviews and recommendations before running or loading anything.

I'm thinking it may be a system glitch somewhere, overheating maybe, as you stated, mouse driver possibly, 2 drivers each are loaded for both mouse and keyboard by the way. That was going to be my next avenue, disable one each, of the drivers. Who knows, any more ideas are welcome.

I am leaning toward overheating. I wrote most of this before logging on, and the computer has frozen 3 times today. I have the computer situated in an area under my desk, and if it is pushed back, the power supply fan is blocked. Also, I am missing 2 front false face covers, which could affect air flow also. However, I have run computers with the sides off for years as I was constantly changing, adding etc., and it had no ill effect. The power fan being blocked is another story. I will watch that closely, and seal up the front with tape until I can find the pieces that go in there. Thanks again, Tom

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:54 AM

Posted 08 December 2010 - 07:28 PM

Hello, Tuberocity.

I do believe it may be hardware. I can help you determine the temperature if you need. If there's more space for air to get through, that can help, so I don't know if it is that. It could also be a failing power supply, RAM, etc. Let's run Combofix to be sure since you were infected at the start of all this.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 Tuberocity

Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:SO CAL

Posted 09 December 2010 - 09:26 PM

Hi etavares, lol, as I said earlier, I usually investigate anything I install on my computer, and when you asked me to save the ComboFix file as etavares.exe I researched it, and that name came up as very bad malware? So, I'm sitting here, MR. Paranoid, wondering whether to do as you instructed? lol I didn't have any virus at the beginning of this, Emsisoft found a problem in a restore file, but then said it had been wrong in its tagging that file as malware or a virus, and it asked me if I wanted to reinstall it, and I did. As I said before, had I thought about it, I probably wouldn't have as I have no need of the file, so better safe than sorry. eta=estimated time of arrival, va=Virginia, res=resident, and all together=etavares.
lol, see how my mind works? hehe Anyway, if we need to run ComboFix, I am not against it, but I also read it can cause real problems for the uninitiated, but as I understand it, ComboFix creates a log, and then I/we would have to break it down, and do the damage, or hopefully undamage in my case. If that is so, I wonder why anyone would have a problem with it, don't touch things you are not familiar with, and that log is just a log! Can you tell me why you want me to name it etavares.exe, and why did you name yourself after malware? hehe Also, I read up on the MS Recovery Console, and MS stated it can be run anytime from my XP disc, and that it wasn't critical it be installed before I might have need of it? There are two people on this computer, and I would not want the other to accidentally boot to it, or start it, and really screw everything up. Thanks again, Tom

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 December 2010 - 08:43 AM

Hello, Tuberocity.

That file is legitimate and hosted here at BC. Antiviruses often detect our removal tools as malware since we do things viruses do to remove them and/or any leftovers. I want to run it to fully rule out malware as the cause of the problems. This is an invasive scan, e.g. it will remove files/registry settings (versus OTL or DDS that just scan and don't touch a thing) that are known bad and occasionally remove legitimate entries we can restore. The act of renaming it does not change anything.

We prefer the recovery console to be installed as not everyone has a Windows CD or remembers where they keep it. You can boot up from the CD so that is okay in this case.

If you want to skip this step, we can assume it is hardware and start going down that path. We just can't fully rule out malware. I am ok with either way...I did debate if we should do this step or not, but I can't rule out malware without it.

etavares


 


#13 Tuberocity

Tuberocity
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:SO CAL

Posted 12 December 2010 - 04:02 PM

Helloooooooo ( Seinfeld ) Lots Of Laughs; anyway I downloaded the file from bleeping computer, and have read up on it a bit more. I now see the reason for many avenues of recovering information ComboFix may destroy. I also feel better about running it as ComboFix states it stops your internet connection. I was wondering about stopping the antivirus, and firewall while running this program, and being connected to the internet with no protection! That solved, I will run it for the heck of it, as you say, I don't think it's malware either, but only one way to find out; Run a lot of antivirus - antimalware until we're certain. Very busy, give me a day or two, and I'll send the log, and thanks again for your time. Tom

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 December 2010 - 06:19 PM

Hello, Tuberocity.

Newman!

No need to run it if you don't want to. I got tired of people asking for more scans/fixes at this point when I don't offer it so I have been lately. It usually makes people feel better to do an exhaustive clean, and we can always fix anything if CF deletes something it shouldn't. But, there are no indications to run it. So, it's completely up to you. If you feel satisfied it's hardware, then we can clean up and I'll refer you to another subforum with people better able to help with non-malware issues.

etavares


 


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 18 December 2010 - 09:08 AM

still with me?

