
Serious malware / rootkit infection. Erratic software/hardware behavior.


8 replies to this topic

#1 Welttraveler

  • Members
  • 7 posts

Posted 16 January 2011 - 12:25 PM

I was attacked by a TDSS rootkit which disabled Avast including its self-defense mode. Malware scanners were put out of action and Google was redirected. Have done some cleaning, but Windows Defender reports suspicious drivers and some hardware is not responding in an expected manner. TDSSKILLER has removed a forged file. Ran several diagnostic applications referenced in your malware removal section but am unable to determine what needs to be fixed.
Gmer reports missing files
Recent Windows Defender events: driver Normandy, kftdrprog, fsbl-standalone avastTestService, service: klmd25, driver:klmd25, system32 drivers etc hosts, system33 E6BDA\0B.exe,
Rootkit Unhooker reports possible rootkit activity detected. aswSP.SYS hooked
Ran: MalwareBytes – no problem
Avast boot scan – no problem
Spyware Terminator – no problem
iOBit360 – no problem
SuperAntiSpyware – no problem
Spybot SD – no problem
TrendMicro Housecall – no problem
F-Secure online scanner – no problem
HitmanPro found and removed some trojans.
DVD-Rom will not load DVD, but will do so upon startup. (Sometimes)
USB DVD player/recorder works fine.
It appears these demons are hiding themselves well.
Please advise what scans are needed in order to assess and alleviate this problem.
Windows XP Home Sp 3
Thanks in advance

Here are my logs:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2009 6:04:50 AM
System Uptime: 1/16/2011 10:14:10 AM (2 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 43.616 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 33.076 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP880: 1/1/2011 9:29:39 PM - Restore Operation
RP881: 1/1/2011 9:52:39 PM - Restore Operation
RP882: 1/1/2011 9:57:18 PM - Restore Operation
RP883: 1/1/2011 10:43:44 PM - Software Distribution Service 3.0
RP884: 1/1/2011 11:34:33 PM - Installed Adobe Reader X.
RP885: 1/2/2011 2:23:15 PM - before divx 2212
RP886: 1/2/2011 4:18:17 PM - before directx update
RP887: 1/2/2011 5:31:42 PM - Installed DirectX
RP888: 1/3/2011 5:40:37 PM - System Checkpoint
RP889: 1/4/2011 7:12:50 AM - Spyware Terminator - restore point
RP890: 1/4/2011 12:36:09 PM - before nvidia
RP891: 1/4/2011 5:32:55 PM - Software Distribution Service 3.0
RP892: 1/5/2011 9:30:27 AM - Revo Uninstaller's restore point - Adobe Reader 9.3.4
RP893: 1/5/2011 9:35:13 AM - Revo Uninstaller's restore point - Adobe AIR
RP894: 1/5/2011 9:58:50 AM - Removed Spelling Dictionaries Support For Adobe Reader 9.
RP895: 1/5/2011 10:14:32 AM - before removal of adobe 8
RP896: 1/5/2011 10:16:14 AM - Revo Uninstaller's restore point - Adobe Reader 9.3.4
RP897: 1/5/2011 10:28:11 AM - Removed Adobe Reader X.
RP898: 1/5/2011 12:06:07 PM - Revo Uninstaller's restore point - Adobe Download Manager
RP899: 1/5/2011 1:48:47 PM - Installed %1 %2.
RP900: 1/5/2011 1:52:38 PM - Installed %1 %2.
RP901: 1/5/2011 1:56:05 PM - Installed %1 %2.
RP902: 1/5/2011 2:04:42 PM - Installed %1 %2.
RP903: 1/5/2011 2:53:51 PM - avast! Free Antivirus Setup
RP904: 1/5/2011 2:58:15 PM - avast! Free Antivirus Setup
RP905: 1/5/2011 3:12:44 PM - Installed %1 %2.
RP906: 1/5/2011 3:30:13 PM - Installed %1 %2.
RP907: 1/5/2011 4:36:36 PM - Restore Operation
RP908: 1/5/2011 5:11:19 PM - before avast remove and reinstall
RP909: 1/5/2011 5:11:42 PM - avast! Free Antivirus Setup
RP910: 1/5/2011 5:21:38 PM - avast! Free Antivirus Setup
RP911: 1/5/2011 5:42:08 PM - Removed Adobe Reader X.
RP912: 1/5/2011 5:50:09 PM - Installed Adobe Reader X.
RP913: 1/5/2011 7:47:52 PM - before powerdvd patch
RP914: 1/6/2011 10:11:59 AM - before decoder checkup utility
RP915: 1/7/2011 8:49:42 AM - before divx uninstall
RP916: 1/7/2011 11:10:12 AM - before power dvd uninstall reinstall
RP917: 1/7/2011 12:05:58 PM - Restore Operation
RP918: 1/7/2011 12:36:33 PM - Revo Uninstaller's restore point - PowerDVD
RP919: 1/7/2011 12:37:50 PM - Revo Uninstaller's restore point - PowerDVD
RP920: 1/7/2011 1:43:17 PM - Restore Operation
RP921: 1/7/2011 2:03:31 PM - Revo Uninstaller's restore point - PowerDVD
RP922: 1/7/2011 3:52:58 PM - before windows nvidia update
RP923: 1/7/2011 3:53:44 PM - Software Distribution Service 3.0
RP924: 1/7/2011 4:00:18 PM - Restore Operation
RP925: 1/8/2011 10:54:08 AM - before codec checker
RP926: 1/8/2011 4:20:03 PM - before avicodec
RP927: 1/9/2011 8:20:48 PM - System Checkpoint
RP928: 1/10/2011 4:30:25 PM - before windvd
RP929: 1/11/2011 1:15:12 PM - Spyware Terminator - restore point
RP930: 1/12/2011 2:25:03 PM - Software Distribution Service 3.0
RP931: 1/12/2011 8:03:21 PM - before defender
RP932: 1/12/2011 8:04:55 PM - Installed Windows Defender
RP933: 1/12/2011 8:05:29 PM - Software Distribution Service 3.0
RP934: 1/13/2011 11:50:19 AM - before system files protection
RP935: 1/13/2011 11:51:09 AM - Installed %1 %2.
RP936: 1/14/2011 7:42:42 AM - Software Distribution Service 3.0
RP937: 1/14/2011 11:37:24 AM - error fix
RP938: 1/14/2011 12:36:46 PM - Revo Uninstaller's restore point - Print Screen Replacement 2.0.1.2
RP939: 1/15/2011 10:30:09 AM - before hitman pro virus
RP940: 1/16/2011 11:31:44 AM - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Adobe Reader X
ALPass
ALTools Update
ALZip
AnyDVD
AOL Email Toolbar
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
AutumnLeaves
avast! Free Antivirus
AVIcodec (remove only)
bitRipper
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP2600 series
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
CreataCard Plus 2
Creative DVD Audio Plugin for Audigy Series
DS Clock
DVD Audio Extractor 4.1.1
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Easy Picture2Icon 3.0
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EssentialFax
Font Creator Program 4.1
Free Audio Converter version 2.0
Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1
Free DVD Video Burner version 2.4
Free Video Flip and Rotate version 1.8
Free Video to DVD Converter version 1.6
Free Video to MP3 Converter version 4.0
Free YouTube Download 2.10
Free YouTube to DVD Converter version 2.6
Free YouTube to MP3 Converter version 3.8
FreeRIP v3.091
GIMP 2.6.6
Glary Utilities 2.30.0.1066
GoldWave v5.12
Google Earth
Google Update Helper
Hallmark Card Studio 2006
Hanami for Windows
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
ImgBurn
InterVideo WinDVD 5
IObit Security 360
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 23
Java™ 6 Update 3
jv16 PowerTools 2006
L&H TTS3000 British English
L&H TTS3000 Deutsch
Lernout & Hauspie TruVoice American English TTS Engine
LingoPad 2.5.1 (Build 325)
Linksys EasyLink Advisor
LP Recorder
LP Ripper
Malwarebytes' Anti-Malware
MGI PhotoSuite 4 (Remove Only)
MGI PhotoSuite SE (Remove Only)
MGI Photovista 2.02(Remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Mindful version 1.2.5
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Music Alarm Clock
Nero 7 Ultra Edition
Nostalgic Screensaver
NVIDIA Drivers
Paint.NET v3.5.6
Pankaj Arora Software's Tumi Cursor PowerPack (Remove)
Partition Wizard Home Edition 5.0
PCI SoftV92 Modem
PFPortChecker 1.0.36
PhoneTray Free
PhoneTray Voices
Photo To Sketch 3.5
PM Stitch Creator 3 Trial
Pure Networks Platform
QuickTime
Rain Screensaver 1.0
RealPlayer
Realtek High Definition Audio Driver
RegSupreme
Revo Uninstaller 1.91
RipIt4Me
Ripple Screensaver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
Shockwave
Shorty
Snow for Windows
SolSuite
Speakonia
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.4
SUPERAntiSpyware
TempCleaner
The Print Shop 12
The Weather Channel Toolbar
TMPGEnc Plus 2.5
Triscape FxFoto
Turbo Lister 2
Tweak UI
Ulead PhotoImpact XL Trial
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Virtual Account Numbers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Wise Registry Cleaner 5.8.5
WordWeb
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/9/2011 3:30:06 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 8:16:48 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 5:36:22 PM, error: Service Control Manager [7034] - The Spyware Terminator Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s).
1/11/2011 9:58:33 PM, error: Service Control Manager [7003] - The tmrkb service depends on the following nonexistent service: tmcomm
1/11/2011 2:00:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/11/2011 11:11:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/11/2011 1:56:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL sp_rsdrv2 Tcpip
1/11/2011 1:56:54 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/11/2011 1:56:54 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/11/2011 1:56:54 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/11/2011 1:56:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/11/2011 1:55:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

DDS (Ver_10-12-12.02) - NTFSx86
Run by Uta at 12:39:41.78 on Sun 01/16/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1221 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Felitec\Mindful\Mindful.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe
C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe
C:\Program Files\Shorty\Shorty.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol email toolbar\AolMailTbServer.exe
C:\WINDOWS\system32\OBroker.exe
C:\Documents and Settings\Uta\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
BHO: IEEvents Class: {00533b73-e574-46e9-b06a-fdf4592e67cb} - c:\program files\estsoft\alpass\ApsHelper14.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"
uRun: [Iconoid] "c:\program files\iconoid\iconoid.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Mindful] c:\program files\felitec\mindful\Mindful.exe
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\uta\start menu\programs\startup\Glass2k.exe
StartupFolder: c:\docume~1\uta\startm~1\programs\startup\shorty.lnk - c:\program files\shorty\Shorty.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pepsiv~1.lnk - c:\program files\zamaan's software\pepsi volume controller 5.0\pvc.exe
IE: &AOL Email Toolbar Search - c:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\uta\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\uta\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {572E3910-4764-4E88-8929-176B2B192FF7} - c:\program files\estsoft\alpass\ALPass.exe
IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-10-3 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-30 312152]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-7-23 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-7-23 11104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SIS163u;SIS163u;c:\windows\system32\drivers\sis163u.sys --> c:\windows\system32\drivers\sis163u.sys [?]

=============== Created Last 30 ================

2011-01-16 14:37:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-01-15 17:34:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-15 17:32:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-15 17:30:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-14 18:27:39 -------- d-----w- C:\TDSSKiller_Quarantine
2011-01-14 14:42:45 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{4104506d-c10a-4973-ad03-0ad4c32afcef}\mpengine.dll
2011-01-13 03:05:34 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-01-13 03:05:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-10 23:32:05 -------- d-----w- c:\program files\common files\InterVideo
2011-01-10 23:31:29 -------- d-----w- c:\program files\InterVideo
2011-01-10 23:31:28 77824 ----a-w- c:\windows\system32\ctdvda32.dll
2011-01-10 23:31:28 315248 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2011-01-10 23:31:28 122880 ----a-w- c:\windows\system32\cddvdint.dll
2011-01-10 23:31:28 -------- d-----w- c:\program files\Creative
2011-01-10 23:31:00 212992 ------w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-01-08 23:20:13 -------- d-----w- c:\program files\AVIcodec
2011-01-07 23:00:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-07 23:00:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 17:16:33 -------- d-----w- C:\DECCHECK
2011-01-06 00:21:44 38848 ----a-w- c:\windows\avastSS.scr
2011-01-05 22:31:26 -------- d-----w- c:\docume~1\uta\applic~1\ElevatedDiagnostics
2011-01-05 19:00:13 -------- d--h--w- c:\documents and settings\uta\Recent(3)
2011-01-04 03:29:39 1912872 ----a-w- c:\docume~1\uta\applic~1\microsoft\internet explorer\quick launch\HousecallLauncher.exe
2011-01-02 16:55:29 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-01-01 18:06:27 -------- d--h--w- c:\documents and settings\uta\Recent(2)
2011-01-01 00:55:21 -------- d-----w- c:\docume~1\uta\applic~1\IObit
2011-01-01 00:55:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-01-01 00:55:19 -------- d-----w- c:\program files\Trend Micro
2010-12-31 23:39:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-31 23:39:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 23:39:48 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-31 23:39:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 23:39:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-30 13:09:33 -------- d-----w- c:\program files\IObit
2010-12-30 01:58:25 388096 ----a-r- c:\docume~1\uta\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-28 18:47:15 -------- d-----w- c:\docume~1\uta\applic~1\Local
2010-12-20 23:55:10 -------- d-----w- c:\program files\LSI SoftModem
2010-12-20 23:22:11 55824 ----a-w- c:\windows\agrsmdel.exe
2010-12-20 23:22:11 13824 ----a-w- c:\windows\system32\agrscoin.dll
2010-12-20 23:22:11 1203776 ----a-w- c:\windows\system32\drivers\AGRSM.sys

==================== Find3M ====================

2011-01-16 01:15:06 1033728 ----a-w- c:\windows\explorer.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 06:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-13 01:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 23:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 06:20:58 1195760 ------w- c:\windows\wweb32.dll

============= FINISH: 12:40:38.32 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 14:07:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000061 ST3160813AS rev.CC2F
Running: 7rxy20vi.exe; Driver: C:\DOCUME~1\Uta\LOCALS~1\Temp\kftdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB598CCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB598CBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB598D160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB598D08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB598C782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB598CC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB598C6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB598C726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB598CDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB598D22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB598CD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB598CEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB5999BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB59999D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB5999B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B5999B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B59999D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B59955D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B5996FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B5999BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8C7C380, 0x2468FD, 0xE8000020]
? C:\DOCUME~1\Uta\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[140] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01940001
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[176] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013D0001
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[188] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Shorty\Shorty.exe[208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Shorty\Shorty.exe[208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Shorty\Shorty.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01350001
.text C:\Program Files\Shorty\Shorty.exe[208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Shorty\Shorty.exe[208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Shorty\Shorty.exe[208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shorty\Shorty.exe[208] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[208] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Shorty\Shorty.exe[208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Shorty\Shorty.exe[208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[216] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1220] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1796] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1796] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[1796] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1796] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\RTHDCPL.EXE[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04D40001
.text C:\WINDOWS\RTHDCPL.EXE[1796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1796] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1796] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[1796] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02240001
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1812] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1824] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01090001
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1856] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016E0001
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A60001
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\DS Clock\dsclock.exe[1916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\DS Clock\dsclock.exe[1916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\Program Files\DS Clock\dsclock.exe[1916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\DS Clock\dsclock.exe[1916] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1916] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\DS Clock\dsclock.exe[1916] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\DS Clock\dsclock.exe[1916] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1924] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1924] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iconoid\iconoid.exe[1924] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1924] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iconoid\iconoid.exe[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\Program Files\Iconoid\iconoid.exe[1924] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1924] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iconoid\iconoid.exe[1924] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1924] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Iconoid\iconoid.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iconoid\iconoid.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E50001
.text C:\WINDOWS\system32\ctfmon.exe[1932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01650001
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[2012] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Uta\Desktop\gmer\7rxy20vi.exe[4708] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\USBSTOR \Device\0000006c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\USBSTOR \Device\0000006f AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 16 January 2011 - 07:18 PM.




#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:40 PM

Posted 20 January 2011 - 11:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Welttraveler

Welttraveler
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 20 January 2011 - 04:32 PM

I have not been able to correct the problems with this PC. I did uninstall some software that was scanned by 3 online scanners and found to be clean; however, HitmanPro found a trojan. Recent spyware/malware scans have found nothing. Windows Defender has quieted down somewhat but still reports problems with driver kftdprog, mbr, and some globally open ports.
DVD-RW drive plays DVDs sometimes, but for the most part the drive shows as empty. Occasionally it will play upon startup.

Here are some fresh logs and thanks for the help.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-20 14:02:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000061 ST3160813AS rev.CC2F
Running: 7rxy20vi.exe; Driver: C:\DOCUME~1\Uta\LOCALS~1\Temp\kftdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB5E3ACF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB5E3ABAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB5E3B160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB5E3B08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB5E3A782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB5E3AC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB5E3A6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB5E3A726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB5E3ADA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB5E3B22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB5E3AD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB5E3AEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB5E47BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB5E479D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB5E47B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B5E47B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B5E479D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B5E435D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B5E44FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B5E47BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8C44380, 0x2468FD, 0xE8000020]
? C:\DOCUME~1\Uta\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01940001
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe[124] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[184] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013D0001
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe[244] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01880001
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe[272] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Shorty\Shorty.exe[288] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[288] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Shorty\Shorty.exe[288] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[288] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Shorty\Shorty.exe[288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01350001
.text C:\Program Files\Shorty\Shorty.exe[288] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Shorty\Shorty.exe[288] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Shorty\Shorty.exe[288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shorty\Shorty.exe[288] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shorty\Shorty.exe[288] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Shorty\Shorty.exe[288] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Shorty\Shorty.exe[288] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01420001
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1708] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1708] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1800] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1800] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[1800] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1800] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\RTHDCPL.EXE[1800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04D40001
.text C:\WINDOWS\RTHDCPL.EXE[1800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1800] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[1800] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1800] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1800] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[1800] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02220001
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[1820] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 031A0001
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1828] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Felitec\Mindful\Mindful.exe[1864] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016E0001
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe[1872] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A60001
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1912] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1920] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1920] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\DS Clock\dsclock.exe[1920] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1920] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\DS Clock\dsclock.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\Program Files\DS Clock\dsclock.exe[1920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DS Clock\dsclock.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\DS Clock\dsclock.exe[1920] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DS Clock\dsclock.exe[1920] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\DS Clock\dsclock.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\DS Clock\dsclock.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Iconoid\iconoid.exe[1928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Iconoid\iconoid.exe[1928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\Program Files\Iconoid\iconoid.exe[1928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iconoid\iconoid.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Iconoid\iconoid.exe[1928] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iconoid\iconoid.exe[1928] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Iconoid\iconoid.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iconoid\iconoid.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001
.text C:\WINDOWS\system32\ctfmon.exe[1936] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1936] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\WordWeb\wweb32.exe[1944] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C60001
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Glary Utilities\memdefrag.exe[1952] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\ESTsoft\ALPass\ALPass.exe[2796] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\notepad.exe[4768] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[4768] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\notepad.exe[4768] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[4768] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\notepad.exe[4768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\WINDOWS\system32\notepad.exe[4768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\notepad.exe[4768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\notepad.exe[4768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\notepad.exe[4768] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[4768] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\notepad.exe[4768] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\notepad.exe[4768] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\notepad.exe[5064] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[5064] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\notepad.exe[5064] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[5064] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\notepad.exe[5064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\WINDOWS\system32\notepad.exe[5064] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\notepad.exe[5064] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\notepad.exe[5064] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\notepad.exe[5064] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\notepad.exe[5064] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\notepad.exe[5064] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\notepad.exe[5064] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Uta\Desktop\7rxy20vi.exe[5692] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by Uta at 12:38:43.57 on Thu 01/20/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1160 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Felitec\Mindful\Mindful.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe
C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Shorty\Shorty.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol email toolbar\AolMailTbServer.exe
C:\WINDOWS\system32\OBroker.exe
C:\Program Files\ESTsoft\ALPass\ALPass.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Uta\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
BHO: IEEvents Class: {00533b73-e574-46e9-b06a-fdf4592e67cb} - c:\program files\estsoft\alpass\ApsHelper14.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"
uRun: [Iconoid] "c:\program files\iconoid\iconoid.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Mindful] c:\program files\felitec\mindful\Mindful.exe
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\documents and settings\uta\start menu\programs\startup\Glass2k.exe
StartupFolder: c:\docume~1\uta\startm~1\programs\startup\screen~1.lnk - c:\program files\wisdom-soft screenhunter 5 free\ScreenHunter.exe
StartupFolder: c:\docume~1\uta\startm~1\programs\startup\shorty.lnk - c:\program files\shorty\Shorty.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pepsiv~1.lnk - c:\program files\zamaan's software\pepsi volume controller 5.0\pvc.exe
IE: &AOL Email Toolbar Search - c:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\uta\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\uta\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {572E3910-4764-4E88-8929-176B2B192FF7} - c:\program files\estsoft\alpass\ALPass.exe
IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-10-3 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-30 312152]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-7-23 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-7-23 11104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SIS163u;SIS163u;c:\windows\system32\drivers\sis163u.sys --> c:\windows\system32\drivers\sis163u.sys [?]

=============== Created Last 30 ================

2011-01-20 15:47:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-01-20 15:47:32 -------- d-----w- c:\program files\Security Task Manager
2011-01-19 17:57:18 81920 ----a-w- c:\windows\ALCFDRTM.VER
2011-01-19 17:57:18 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2011-01-18 11:52:04 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da10175b-7c18-4bf1-947d-c211686240bc}\mpengine.dll
2011-01-17 16:49:35 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2011-01-16 14:37:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-01-15 17:34:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-15 17:32:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-15 17:30:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-14 18:27:39 -------- d-----w- C:\TDSSKiller_Quarantine
2011-01-13 03:05:34 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-01-13 03:05:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-10 23:32:05 -------- d-----w- c:\program files\common files\InterVideo
2011-01-10 23:31:29 -------- d-----w- c:\program files\InterVideo
2011-01-10 23:31:28 77824 ----a-w- c:\windows\system32\ctdvda32.dll
2011-01-10 23:31:28 315248 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2011-01-10 23:31:28 122880 ----a-w- c:\windows\system32\cddvdint.dll
2011-01-10 23:31:28 -------- d-----w- c:\program files\Creative
2011-01-10 23:31:00 212992 ------w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-01-08 23:20:13 -------- d-----w- c:\program files\AVIcodec
2011-01-07 23:00:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-07 23:00:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 17:16:33 -------- d-----w- C:\DECCHECK
2011-01-06 00:21:44 38848 ----a-w- c:\windows\avastSS.scr
2011-01-05 22:31:26 -------- d-----w- c:\docume~1\uta\applic~1\ElevatedDiagnostics
2011-01-05 19:00:13 -------- d--h--w- c:\documents and settings\uta\Recent(3)
2011-01-04 03:29:39 1912872 ----a-w- c:\docume~1\uta\applic~1\microsoft\internet explorer\quick launch\HousecallLauncher.exe
2011-01-02 16:55:29 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-01-01 18:06:27 -------- d--h--w- c:\documents and settings\uta\Recent(2)
2011-01-01 00:55:21 -------- d-----w- c:\docume~1\uta\applic~1\IObit
2011-01-01 00:55:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-01-01 00:55:19 -------- d-----w- c:\program files\Trend Micro
2010-12-31 23:39:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-31 23:39:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 23:39:48 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-31 23:39:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 23:39:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-30 13:09:33 -------- d-----w- c:\program files\IObit
2010-12-30 01:58:25 388096 ----a-r- c:\docume~1\uta\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-28 18:47:15 -------- d-----w- c:\docume~1\uta\applic~1\Local

==================== Find3M ====================

2011-01-16 01:15:06 1033728 ----a-w- c:\windows\explorer.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 06:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-13 01:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 23:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 06:20:58 1195760 ------w- c:\windows\wweb32.dll

============= FINISH: 12:39:48.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2009 6:04:50 AM
System Uptime: 1/20/2011 12:14:12 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.478 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 35.586 GiB free.
E: is CDROM ()
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP880: 1/1/2011 9:29:39 PM - Restore Operation
RP881: 1/1/2011 9:52:39 PM - Restore Operation
RP882: 1/1/2011 9:57:18 PM - Restore Operation
RP883: 1/1/2011 10:43:44 PM - Software Distribution Service 3.0
RP884: 1/1/2011 11:34:33 PM - Installed Adobe Reader X.
RP885: 1/2/2011 2:23:15 PM - before divx 2212
RP886: 1/2/2011 4:18:17 PM - before directx update
RP887: 1/2/2011 5:31:42 PM - Installed DirectX
RP888: 1/3/2011 5:40:37 PM - System Checkpoint
RP889: 1/4/2011 7:12:50 AM - Spyware Terminator - restore point
RP890: 1/4/2011 12:36:09 PM - before nvidia
RP891: 1/4/2011 5:32:55 PM - Software Distribution Service 3.0
RP892: 1/5/2011 9:30:27 AM - Revo Uninstaller's restore point - Adobe Reader 9.3.4
RP893: 1/5/2011 9:35:13 AM - Revo Uninstaller's restore point - Adobe AIR
RP894: 1/5/2011 9:58:50 AM - Removed Spelling Dictionaries Support For Adobe Reader 9.
RP895: 1/5/2011 10:14:32 AM - before removal of adobe 8
RP896: 1/5/2011 10:16:14 AM - Revo Uninstaller's restore point - Adobe Reader 9.3.4
RP897: 1/5/2011 10:28:11 AM - Removed Adobe Reader X.
RP898: 1/5/2011 12:06:07 PM - Revo Uninstaller's restore point - Adobe Download Manager
RP899: 1/5/2011 1:48:47 PM - Installed %1 %2.
RP900: 1/5/2011 1:52:38 PM - Installed %1 %2.
RP901: 1/5/2011 1:56:05 PM - Installed %1 %2.
RP902: 1/5/2011 2:04:42 PM - Installed %1 %2.
RP903: 1/5/2011 2:53:51 PM - avast! Free Antivirus Setup
RP904: 1/5/2011 2:58:15 PM - avast! Free Antivirus Setup
RP905: 1/5/2011 3:12:44 PM - Installed %1 %2.
RP906: 1/5/2011 3:30:13 PM - Installed %1 %2.
RP907: 1/5/2011 4:36:36 PM - Restore Operation
RP908: 1/5/2011 5:11:19 PM - before avast remove and reinstall
RP909: 1/5/2011 5:11:42 PM - avast! Free Antivirus Setup
RP910: 1/5/2011 5:21:38 PM - avast! Free Antivirus Setup
RP911: 1/5/2011 5:42:08 PM - Removed Adobe Reader X.
RP912: 1/5/2011 5:50:09 PM - Installed Adobe Reader X.
RP913: 1/5/2011 7:47:52 PM - before powerdvd patch
RP914: 1/6/2011 10:11:59 AM - before decoder checkup utility
RP915: 1/7/2011 8:49:42 AM - before divx uninstall
RP916: 1/7/2011 11:10:12 AM - before power dvd uninstall reinstall
RP917: 1/7/2011 12:05:58 PM - Restore Operation
RP918: 1/7/2011 12:36:33 PM - Revo Uninstaller's restore point - PowerDVD
RP919: 1/7/2011 12:37:50 PM - Revo Uninstaller's restore point - PowerDVD
RP920: 1/7/2011 1:43:17 PM - Restore Operation
RP921: 1/7/2011 2:03:31 PM - Revo Uninstaller's restore point - PowerDVD
RP922: 1/7/2011 3:52:58 PM - before windows nvidia update
RP923: 1/7/2011 3:53:44 PM - Software Distribution Service 3.0
RP924: 1/7/2011 4:00:18 PM - Restore Operation
RP925: 1/8/2011 10:54:08 AM - before codec checker
RP926: 1/8/2011 4:20:03 PM - before avicodec
RP927: 1/9/2011 8:20:48 PM - System Checkpoint
RP928: 1/10/2011 4:30:25 PM - before windvd
RP929: 1/11/2011 1:15:12 PM - Spyware Terminator - restore point
RP930: 1/12/2011 2:25:03 PM - Software Distribution Service 3.0
RP931: 1/12/2011 8:03:21 PM - before defender
RP932: 1/12/2011 8:04:55 PM - Installed Windows Defender
RP933: 1/12/2011 8:05:29 PM - Software Distribution Service 3.0
RP934: 1/13/2011 11:50:19 AM - before system files protection
RP935: 1/13/2011 11:51:09 AM - Installed %1 %2.
RP936: 1/14/2011 7:42:42 AM - Software Distribution Service 3.0
RP937: 1/14/2011 11:37:24 AM - error fix
RP938: 1/14/2011 12:36:46 PM - Revo Uninstaller's restore point - Print Screen Replacement 2.0.1.2
RP939: 1/15/2011 10:30:09 AM - before hitman pro virus
RP940: 1/16/2011 11:31:44 AM - System Checkpoint
RP941: 1/17/2011 9:48:36 AM - screen capture
RP942: 1/18/2011 4:52:01 AM - Software Distribution Service 3.0
RP943: 1/18/2011 8:51:09 AM - Spyware Terminator - restore point
RP944: 1/19/2011 8:53:08 AM - System Checkpoint
RP945: 1/20/2011 8:47:01 AM - b4 security task manager

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Adobe Reader X
ALPass
ALTools Update
ALZip
AnyDVD
AOL Email Toolbar
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
AutumnLeaves
avast! Free Antivirus
AVIcodec (remove only)
bitRipper
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP2600 series
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
CreataCard Plus 2
Creative DVD Audio Plugin for Audigy Series
DS Clock
DVD Audio Extractor 4.1.1
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Easy Picture2Icon 3.0
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EssentialFax
Font Creator Program 4.1
Free Audio Converter version 2.0
Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1
Free DVD Video Burner version 2.4
Free Video Flip and Rotate version 1.8
Free Video to DVD Converter version 1.6
Free Video to MP3 Converter version 4.0
Free YouTube Download 2.10
Free YouTube to DVD Converter version 2.6
Free YouTube to MP3 Converter version 3.8
FreeRIP v3.091
GIMP 2.6.6
Glary Utilities 2.30.0.1066
GoldWave v5.12
Google Earth
Google Update Helper
Hallmark Card Studio 2006
Hanami for Windows
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
ImgBurn
InterVideo WinDVD 5
IObit Security 360
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 23
Java™ 6 Update 3
jv16 PowerTools 2006
L&H TTS3000 British English
L&H TTS3000 Deutsch
Lernout & Hauspie TruVoice American English TTS Engine
LingoPad 2.5.1 (Build 325)
Linksys EasyLink Advisor
LP Recorder
LP Ripper
Malwarebytes' Anti-Malware
MGI PhotoSuite 4 (Remove Only)
MGI PhotoSuite SE (Remove Only)
MGI Photovista 2.02(Remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Mindful version 1.2.5
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Music Alarm Clock
Nero 7 Ultra Edition
Nostalgic Screensaver
NVIDIA Drivers
Paint.NET v3.5.6
Pankaj Arora Software's Tumi Cursor PowerPack (Remove)
Partition Wizard Home Edition 5.0
PCI SoftV92 Modem
PFPortChecker 1.0.36
PhoneTray Free
PhoneTray Voices
Photo To Sketch 3.5
PM Stitch Creator 3 Trial
Pure Networks Platform
QuickTime
Rain Screensaver 1.0
RealPlayer
Realtek High Definition Audio Driver
RegSupreme
Revo Uninstaller 1.91
RipIt4Me
Ripple Screensaver
Security Task Manager 1.8c
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
Shockwave
Shorty
Snow for Windows
SolSuite
Speakonia
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.4
SUPERAntiSpyware
TempCleaner
The Print Shop 12
The Weather Channel Toolbar
TMPGEnc Plus 2.5
Triscape FxFoto
Turbo Lister 2
Tweak UI
Ulead PhotoImpact XL Trial
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Virtual Account Numbers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Wisdom-soft Set up ScreenHunter 5.1 Free
Wise Registry Cleaner 5.8.5
WordWeb
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/14/2011 8:16:48 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 11:31:08 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/14/2011 10:41:05 AM, error: Service Control Manager [7003] - The tmrkb service depends on the following nonexistent service: tmcomm

==== End Of File ===========================

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:40 PM

Posted 21 January 2011 - 09:55 AM

Hello Welttraveler

Welcome to BleepingComputer :)
========================
The drivers that Windows Defender is detecting are from GMER; the kftdprog service is GMER's driver. Also, mbr is included in the DDS scanner to check for MBR infection. Those are both legitimate.
=================
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 Welttraveler
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:40 PM

Posted 21 January 2011 - 05:16 PM

Here are the two requested logs:
OTL Extras logfile created on: 1/21/2011 3:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Uta\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.19 Gb Total Space | 50.27 Gb Free Space | 66.86% Space Free | Partition Type: NTFS
Drive D: | 73.85 Gb Total Space | 35.59 Gb Free Space | 48.19% Space Free | Partition Type: NTFS

Computer Name: A64-4K | User Name: Uta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Disabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\InterVideo\DVD5\WinDVD.exe" = C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A2B469-49E1-444C-AC27-674FD2D575D8}_is1" = Rain Screensaver 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{164A4433-C56D-42E5-BAAA-8C922F1A8AF6}" = Nostalgic Screensaver
"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"{192C6FB8-40B8-4910-BE8C-5EE77FACF08D}" = Hallmark Card Studio 2006
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7 Ultra Edition
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{560CA2E4-D5D1-4E19-9F6C-895F80C702A4}" = PM Stitch Creator 3 Trial
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3723EB8-255B-4A2D-9831-0752C0D06FF6}_is1" = EssentialFax
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A802A94B-1C59-446C-BE78-A4063EF47777}" = Ulead PhotoImpact XL Trial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FD382CAF-4B68-4DA5-9BCB-60394D9BF2D2}" = PhoneTray Voices
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALPass_is1" = ALPass
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"AnyDVD" = AnyDVD
"AOL Email Toolbar" = AOL Email Toolbar
"AutumnLeaves" = AutumnLeaves
"avast5" = avast! Free Antivirus
"AVIcodec" = AVIcodec (remove only)
"bitRipper" = bitRipper
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"CreataCard Plus 2" = CreataCard Plus 2
"CSCLIB" = Canon Camera Support Core Library
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DS Clock_is1" = DS Clock
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"Easy Picture2Icon" = Easy Picture2Icon 3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"Font Creator Program_is1" = Font Creator Program 4.1
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free AVI MPEG WMV MP4 FLV Video Joiner_is1" = Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FxFoto" = Triscape FxFoto
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"GoldWave v5.12" = GoldWave v5.12
"Hanami for Windows" = Hanami for Windows
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{FD382CAF-4B68-4DA5-9BCB-60394D9BF2D2}" = PhoneTray Voices
"IObit Security 360_is1" = IObit Security 360
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 2006
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"LingoPad_is1" = LingoPad 2.5.1 (Build 325)
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_SE_V10" = MGI PhotoSuite SE (Remove Only)
"MGI_Photovista_V1_4_0" = MGI Photovista 2.02(Remove only)
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mindful_is1" = Mindful version 1.2.5
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Music Alarm Clock" = Music Alarm Clock
"NVIDIA Drivers" = NVIDIA Drivers
"Pankaj Arora Software's Tumi Cursor PowerPack" = Pankaj Arora Software's Tumi Cursor PowerPack (Remove)
"PFPortChecker" = PFPortChecker 1.0.36
"PhoneTray" = PhoneTray Free
"Photo To Sketch_is1" = Photo To Sketch 3.5
"PhotoStitch" = Canon Utilities PhotoStitch
"PUBLISHERR" = Microsoft Office Publisher 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RegSupreme_is1" = RegSupreme
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.91
"RipIt4Me" = RipIt4Me
"Ripple Screensaver" = Ripple Screensaver
"Security Task Manager" = Security Task Manager 1.8c
"Shockwave" = Shockwave
"Shorty" = Shorty
"Snow for Windows" = Snow for Windows
"SolSuite" = SolSuite
"Speakonia_is1" = Speakonia
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TempCleaner" = TempCleaner
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.5
"WordWeb" = WordWeb
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2010 6:19:44 PM | Computer Name = A64-4K | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
unknown, version 0.0.0.0, fault address 0x71356800.

Error - 6/1/2010 6:20:18 PM | Computer Name = A64-4K | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/4/2010 2:28:42 PM | Computer Name = A64-4K | Source = Application Error | ID = 1000
Description = Faulting application photosuite.exe, version 4.0.0.1311, faulting
module ps4cataloglistbox.dll, version 4.0.0.1311, fault address 0x00007c9c.

Error - 6/6/2010 10:14:52 PM | Computer Name = A64-4K | Source = Application Error | ID = 1000
Description = Faulting application photosuite.exe, version 4.0.0.1311, faulting
module ps4cataloglistbox.dll, version 4.0.0.1311, fault address 0x00007c9c.

Error - 6/17/2010 8:44:14 AM | Computer Name = A64-4K | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 9:44:14 AM | Computer Name = A64-4K | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 10:44:14 AM | Computer Name = A64-4K | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 11:44:14 AM | Computer Name = A64-4K | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 6:49:33 PM | Computer Name = A64-4K | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x00004d8a.

Error - 7/8/2010 6:44:51 AM | Computer Name = A64-4K | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 1/20/2011 6:14:16 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:18 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:22 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:30 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:31 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:31 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:32 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:36 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:41 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:43 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >

OTL logfile created on: 1/21/2011 3:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Uta\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.19 Gb Total Space | 50.27 Gb Free Space | 66.86% Space Free | Partition Type: NTFS
Drive D: | 73.85 Gb Total Space | 35.59 Gb Free Space | 48.19% Space Free | Partition Type: NTFS

Computer Name: A64-4K | User Name: Uta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Uta\desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (Wisdom Software Inc. )
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
PRC - C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
PRC - C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe (Zamaan's Software)
PRC - c:\Program Files\AOL Email Toolbar\aolmailtbServer.exe (AOL LLC)
PRC - C:\Program Files\ESTsoft\ALPass\ALPass.exe (ESTsoft corp.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\WINDOWS\system32\OBroker.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Felitec\Mindful\Mindful.exe (Felitec Inc.)
PRC - C:\Program Files\Iconoid\iconoid.exe (SillySot Software)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\DS Clock\dsclock.exe (Duality Software)
PRC - C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe (Chime Softwares)
PRC - C:\Program Files\Shorty\Shorty.exe (Dreamscenes.net)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Uta\desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 09:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/15 18:29:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/14 18:23:29 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14760 more lines...
O2 - BHO: (IEEvents Class) - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Program Files\ESTsoft\ALPass\ApsHelper14.dll (ESTsoft corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe (Felitec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DS Clock] C:\Program Files\DS Clock\dsclock.exe (Duality Software)
O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKCU..\Run: [Iconoid] C:\Program Files\Iconoid\iconoid.exe (SillySot Software)
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pepsi Volume Controller 5.0.lnk = C:\Program Files\Zamaan's Software\Pepsi Volume Controller 5.0\pvc.exe (Zamaan's Software)
O4 - Startup: C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Glass2k.exe (Chime Softwares)
O4 - Startup: C:\Documents and Settings\Uta\Start Menu\Programs\Startup\ScreenHunter 5.1 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (Wisdom Software Inc. )
O4 - Startup: C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Shorty.LNK = C:\Program Files\Shorty\Shorty.exe (Dreamscenes.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Uta\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Uta\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe (ESTsoft corp.)
O9 - Extra 'Tools' menuitem : ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe (ESTsoft corp.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: D:\My Pictures\Desktop display\Wide Screen\CityScape.bmp
O24 - Desktop BackupWallPaper: D:\My Pictures\Desktop display\Wide Screen\CityScape.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 15:01:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uta\Desktop\OTL.exe
[2011/01/20 22:49:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Uta\Recent
[2011/01/20 14:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Desktop\bleeping computer Jan 20
[2011/01/20 08:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/01/20 08:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/01/20 08:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/01/19 10:57:18 | 000,081,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2011/01/19 10:57:18 | 000,081,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2011/01/17 09:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Free
[2011/01/17 09:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Free
[2011/01/17 09:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/01/16 15:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Desktop\BleepingComputer
[2011/01/16 07:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/01/15 10:34:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/01/15 10:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/14 16:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Desktop\various sytem utilities
[2011/01/14 11:27:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/01/13 11:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/01/12 20:05:31 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/12 20:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/01/10 16:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\My Documents\InterVideo
[2011/01/10 16:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Application Data\InterVideo
[2011/01/10 16:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2011/01/10 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD 5
[2011/01/10 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/01/10 16:31:28 | 000,315,248 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys
[2011/01/10 16:31:28 | 000,077,824 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdvda32.dll
[2011/01/10 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/01/09 11:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\My Documents\Nero Recode
[2011/01/09 11:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/01/08 16:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\AVIcodec
[2011/01/08 16:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVIcodec
[2011/01/06 10:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\Windows Media
[2011/01/06 10:16:33 | 000,000,000 | ---D | C] -- C:\DECCHECK
[2011/01/06 09:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/01/05 20:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\My Documents\nvidia info
[2011/01/05 17:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/01/05 17:21:58 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/05 17:21:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/05 17:21:58 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/05 17:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/05 17:21:57 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/05 17:21:57 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/05 17:21:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/05 17:21:57 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/05 17:21:44 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/05 17:21:44 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/05 15:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Application Data\ElevatedDiagnostics
[2011/01/05 13:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/01/05 12:00:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Uta\Recent(3)
[2011/01/04 12:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/01/03 20:29:39 | 001,912,872 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\HousecallLauncher.exe
[2011/01/02 09:55:29 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QTCF.dll
[2011/01/02 09:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/01 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/01/01 11:06:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Uta\Recent(2)
[2010/12/31 17:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Application Data\IObit
[2010/12/31 17:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/31 17:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 17:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\Spyware Terminator
[2010/12/31 17:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\HiJackThis
[2010/12/31 17:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Start Menu\Programs\Revo Uninstaller
[2010/12/31 16:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/12/31 16:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/31 14:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/31 11:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\My Documents\00-pics
[2010/12/30 06:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2010/12/30 06:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/12/28 11:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uta\Application Data\Local
[2010/01/13 10:18:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Uta\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 15:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 15:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uta\Desktop\OTL.exe
[2011/01/21 12:09:52 | 000,003,838 | ---- | M] () -- C:\Documents and Settings\Uta\Application Data\wklnhst.dat
[2011/01/21 12:09:09 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\Uta\Desktop\Uta-1 Jan. 21, 2011 12.09 PM.bmp
[2011/01/21 10:37:18 | 004,493,448 | ---- | M] () -- C:\Documents and Settings\Uta\My Documents\Vacuum cleaner manual.pdf
[2011/01/21 10:30:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/21 10:28:04 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/21 10:28:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/01/21 10:27:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/21 10:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/20 12:11:35 | 000,712,502 | ---- | M] () -- C:\Documents and Settings\Uta\Desktop\Dpupdchk.exe removal.bmp
[2011/01/20 12:09:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/20 08:59:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/20 06:30:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/19 11:13:51 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2011/01/19 10:57:18 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2011/01/19 10:48:18 | 021,068,854 | ---- | M] () -- C:\Documents and Settings\Uta\Desktop\1948.01.bmp
[2011/01/17 09:49:36 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\Uta\Start Menu\Programs\Startup\ScreenHunter 5.1 Free.lnk
[2011/01/15 18:15:06 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2011/01/15 18:15:06 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/01/15 10:34:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/01/14 18:23:29 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 14:00:07 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Uta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 20:04:58 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
[2011/01/11 15:04:34 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Uta\default.pls
[2011/01/11 14:29:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/11 13:32:00 | 000,428,511 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-182329.backup
[2011/01/10 20:40:08 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2011/01/08 16:21:49 | 000,026,326 | ---- | M] () -- C:\Documents and Settings\Uta\My Documents\DirectShow filters list.csv
[2011/01/07 16:23:47 | 000,674,571 | ---- | M] () -- C:\Documents and Settings\Uta\My Documents\restore operation.jpg
[2011/01/07 15:54:20 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/07 15:54:20 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/07 15:54:18 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/07 14:06:34 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Uta\.recently-used.xbel
[2011/01/07 10:06:50 | 000,002,862 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/01/05 17:21:57 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/03 20:33:35 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Uta\Local Settings\Application Data\housecall.guid.cache
[2011/01/03 20:29:43 | 001,912,872 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\HousecallLauncher.exe
[2011/01/01 22:49:30 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Shorty.LNK
[2010/12/31 16:39:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/31 11:03:43 | 000,078,664 | -H-- | M] () -- C:\Documents and Settings\Uta\My Documents\ZbThumbnail.info
[2010/12/31 11:03:10 | 000,000,926 | ---- | M] () -- C:\ZB20101231110305001.xml
[2010/12/30 08:19:05 | 000,428,373 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110111-133200.backup
[2010/12/30 06:09:42 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\IObit Security 360.lnk
[2010/12/27 09:33:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/23 06:16:22 | 000,428,313 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101230-081905.backup
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/21 12:09:09 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\Uta\Desktop\Uta-1 Jan. 21, 2011 12.09 PM.bmp
[2011/01/21 10:37:18 | 004,493,448 | ---- | C] () -- C:\Documents and Settings\Uta\My Documents\Vacuum cleaner manual.pdf
[2011/01/20 12:10:40 | 000,712,502 | ---- | C] () -- C:\Documents and Settings\Uta\Desktop\Dpupdchk.exe removal.bmp
[2011/01/18 10:46:26 | 021,068,854 | ---- | C] () -- C:\Documents and Settings\Uta\Desktop\1948.01.bmp
[2011/01/18 10:38:33 | 003,373,571 | ---- | C] () -- C:\Documents and Settings\Uta\Desktop\1948.01.jpg
[2011/01/17 09:49:36 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\Uta\Start Menu\Programs\Startup\ScreenHunter 5.1 Free.lnk
[2011/01/15 10:32:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/12 20:08:02 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/12 20:04:58 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
[2011/01/10 16:31:28 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2011/01/10 16:31:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2011/01/08 16:21:49 | 000,026,326 | ---- | C] () -- C:\Documents and Settings\Uta\My Documents\DirectShow filters list.csv
[2011/01/07 16:23:47 | 000,674,571 | ---- | C] () -- C:\Documents and Settings\Uta\My Documents\restore operation.jpg
[2011/01/07 14:06:34 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Uta\.recently-used.xbel
[2011/01/03 20:33:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Uta\Local Settings\Application Data\housecall.guid.cache
[2011/01/02 11:59:05 | 000,000,000 | ---- | C] () -- C:\dump_dvd.vob
[2011/01/01 22:49:30 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Uta\Start Menu\Programs\Startup\Shorty.LNK
[2010/12/31 16:39:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/31 16:39:48 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/31 16:39:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/31 16:39:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/31 11:03:10 | 000,000,926 | ---- | C] () -- C:\ZB20101231110305001.xml
[2010/12/30 06:09:42 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\Microsoft\Internet Explorer\Quick Launch\IObit Security 360.lnk
[2010/10/12 13:48:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ImportClient.ini
[2010/10/03 08:32:32 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/09/12 10:06:39 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/08 14:22:57 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2010/09/06 09:49:35 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/08/29 17:33:24 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Uta\Local Settings\Application Data\FASTWiz.log
[2010/07/23 13:40:08 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/07/23 13:40:08 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/07/15 11:16:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/15 11:07:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERF4490.ini
[2010/07/08 10:21:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini
[2010/07/08 04:26:33 | 001,479,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/28 08:35:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2010/01/13 10:18:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\pcouffin.log
[2010/01/13 10:18:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\inst.exe
[2010/01/13 10:18:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\pcouffin.cat
[2010/01/13 10:18:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\pcouffin.inf
[2009/03/09 07:37:11 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dcbccacfe9_s.dll
[2009/03/03 09:46:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/03/03 09:46:08 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2009/03/03 09:46:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/03/03 09:46:08 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2009/03/03 09:46:08 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2009/03/03 09:46:08 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2009/03/03 08:28:39 | 000,000,179 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/03/03 06:54:06 | 000,005,017 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tuhpttzl.his
[2009/03/03 06:53:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\essfaxpm.dll
[2009/03/02 14:41:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/03/01 19:34:07 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/03/01 18:45:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/01 16:45:07 | 000,005,817 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/01 16:43:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/03/01 16:43:45 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2009/03/01 16:43:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2009/03/01 16:43:36 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2009/03/01 16:43:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2009/03/01 10:25:26 | 000,002,862 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/01 09:01:51 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\abaeeab9_g.dll
[2009/02/28 20:07:03 | 000,003,838 | ---- | C] () -- C:\Documents and Settings\Uta\Application Data\wklnhst.dat
[2009/02/28 18:48:28 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2009/02/28 18:48:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2009/02/28 11:59:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2009/02/28 09:04:47 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Uta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/28 08:08:00 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/02/28 07:54:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 22:56:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/30 23:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/30 23:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/30 23:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/30 23:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/30 23:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/30 23:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(9).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(8).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(7).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(16).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(15).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(14).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(13).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(12).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(11).dll
[2006/10/30 23:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(10).dll
[2004/09/15 02:09:08 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\SkinPlusPlusDLL.dll

========== LOP Check ==========

[2011/01/05 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/03 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009/03/03 11:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/02/28 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/03/01 06:45:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/16 07:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/08/03 19:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/01/15 10:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/12/31 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/07/22 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/01/20 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/01/06 09:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/01/18 08:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/01/18 09:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/09 07:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/11 23:24:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/07/28 13:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Auslogics
[2009/03/08 06:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/05 15:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\DVDVideoSoft
[2010/08/05 15:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\DVDVideoSoftIEHelpers
[2011/01/13 11:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\ElevatedDiagnostics
[2010/07/15 11:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\EPSON
[2010/10/22 15:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner
[2010/09/07 17:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\FxFotoDB
[2010/07/29 13:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\GlarySoft
[2010/06/15 01:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\gtk-2.0
[2010/07/26 11:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\ImgBurn
[2011/01/10 16:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\InterVideo
[2010/12/31 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\IObit
[2009/03/01 09:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Lingo4u
[2010/12/28 11:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Local
[2009/03/01 16:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\MGI
[2010/08/02 09:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\RipIt4Me
[2009/10/28 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\SolSuite
[2011/01/20 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Spyware Terminator
[2009/03/04 10:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Template
[2009/03/09 07:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\Ulead Systems
[2009/12/06 16:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uta\Application Data\WordWeb
[2011/01/21 10:28:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/01/21 10:30:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.exe:SummaryInformation

< End of report >


Thank you very much!!!
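Before the faulty-drive verdict in the next reply, a small triage helper, added here and not part of kahdah's reply or of the OTL tool: it parses event lines in the same shape as the entries kahdah quotes and reports any Source/ID pair that repeats within a short window, which is the pattern that marks the Cdrom 262151 entries as a media or drive problem rather than malware. The sample log is constructed to mirror those entries and is not the poster's actual log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the OTL event-log layout (not the poster's real log).
SAMPLE_LOG = """\
Error - 1/20/2011 6:14:16 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \\Device\\CdRom1, has a bad block.

Error - 1/20/2011 6:14:18 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \\Device\\CdRom1, has a bad block.

Error - 1/20/2011 6:14:43 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \\Device\\CdRom1, has a bad block.

Error - 1/20/2011 7:02:00 PM | Computer Name = A64-4K | Source = Service Control Manager | ID = 7000
Description = The aswSP service failed to start.
"""

# Header line: "<level> - <m/d/yyyy h:mm:ss AM/PM> | Computer Name = <host> | Source = <src> | ID = <n>"
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

def parse_events(text):
    """Return one dict per header/description pair in an OTL event-log section."""
    events, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = HEADER.match(line.strip())
        if not m:
            continue  # description lines and blanks are consumed via the header
        desc = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": desc})
    return events

def error_bursts(events, window=timedelta(minutes=5), min_count=3):
    """Map (source, id) -> largest number of repeats seen inside `window`."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["source"], e["id"])].append(e["time"])
    bursts = {}
    for key, times in by_key.items():
        times.sort()
        best, j = 0, 0
        for i in range(len(times)):          # sliding window over sorted timestamps
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= min_count:
            bursts[key] = best
    return bursts

def looks_like_media_fault(event):
    """Cdrom 'bad block' entries point at the disc or drive, not at a rootkit."""
    return event["source"] == "Cdrom" and "bad block" in event["description"]
```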

#6 Welttraveler

Welttraveler
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 21 January 2011 - 05:37 PM

The CDRom errors are very odd, because I was able to play the very same DVD later that day. Sometimes the drive works and then it doesn't.

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:40 PM

Posted 22 January 2011 - 09:09 AM

I don't see any malware but this is leaning towards a faulty drive:

Error - 1/20/2011 6:14:16 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:18 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:22 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:30 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:31 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:31 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:32 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:36 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:41 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/20/2011 6:14:43 PM | Computer Name = A64-4K | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

I suggest changing it if the problems continue.
Did you remove the infection that hitman pro found?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#8 Welttraveler

Welttraveler
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 22 January 2011 - 12:46 PM

Yes, I did remove the infection. It was in an application that was scanned with multiple online scanners. I think malware attacked it because it was running ok for a long time.
Thanks for the help.

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:40 PM

Posted 23 January 2011 - 12:09 PM

You are welcome.
Please uninstall this version only of Java > Java™ 6 Update 3
=========
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
======================Clear out infected System Restore points======================
Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.


After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent etc...



===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast