Search engine redirect persists after fixing other issues


  • This topic is locked
22 replies to this topic

#1 Glint

Posted 11 February 2011 - 07:32 PM

Bleeping Computer Gurus please help.

I have a persistent search engine redirect issue. I have been trying to remove it since it first popped up over a week ago. It started as a fake virus scan software that changed my internet connection settings so that only it would work and a rootkit (I think it was called TLD4). Using various anti-virus/spyware software I seemed to have gotten rid of the rootkit and fake virus scan, but the redirect issue isn’t going away.

Thank you in advance for fighting the good fight and for your help with my issue.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:02 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Backup\Utilities\Spyware removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.19/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267942632984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267984429000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://constantcontact.webex.com/client/T26L/training/ieatgpc.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1ca4306ce17a000) (gupdate1ca4306ce17a000) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12463 bytes


#2 Shannon2012


Posted 15 February 2011 - 06:12 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, we need a log from the GMER anti-rootkit scanner, but, first, we need to disable your CD Emulation drivers.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the GMER log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 Glint

Posted 16 February 2011 - 02:04 AM

Shannon,

Thank you so much for your help!

Since my initial request I have run a few different malware & virus scans. Malwarebytes, Avast and an Avira boot CD. Now that you are on the case I will resist the urge to keep messing with it and follow your instructions to the letter.

I have a couple of notes from following your directions. After running DeFogger I was not asked to reboot the computer, I did anyways. Pasting all three text files resulted in my post being too long, so I'm breaking up my reply into several posts.

Here are the requested log files:
OTL.txt:
OTL logfile created on: 2/15/2011 7:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Backup\Utilities\Spyware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 11.82 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
Drive T: | 1397.26 Gb Total Space | 300.33 Gb Free Space | 21.49% Space Free | Partition Type: NTFS

Computer Name: AMDADDY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/15 19:52:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Backup\Utilities\Spyware removal\OTL.exe
PRC - [2011/02/11 08:55:02 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/02/11 08:54:58 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/13 01:06:26 | 003,115,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 21:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/01 18:20:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/14 08:52:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/20 17:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe


========== Modules (SafeList) ==========

MOD - [2011/02/15 19:52:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Backup\Utilities\Spyware removal\OTL.exe
MOD - [2011/01/13 00:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/01 18:21:27 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 05:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/11 08:54:58 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/21 15:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/02/15 17:28:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKslc87d3d6d.sys -- (MpKslc87d3d6d)
DRV - [2011/02/15 17:25:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys -- (MpKsla8d6b2dd)
DRV - [2011/02/11 09:00:24 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/02/11 08:55:31 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 00:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 00:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\4.tmp -- (MEMSWEEP2)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 00:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 00:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 00:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/03/02 21:52:14 | 000,128,008 | R--- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2008/05/21 15:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/08/16 14:24:34 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/08/16 14:24:32 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/08/16 14:24:32 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/08/16 14:24:32 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/04/19 12:26:00 | 003,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/12/13 17:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2005/04/06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2002/09/27 18:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/11 10:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/09/18 19:25:48 | 000,057,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1454471165-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{47D75892-4B3F-47C7-AD63-1C3062B81F3E}: C:\Documents and Settings\Owner\Local Settings\Application Data\{47D75892-4B3F-47C7-AD63-1C3062B81F3E} [2010/05/04 15:49:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1D5944B1-3BE7-47FA-B059-CFF4C8A1DA02}: C:\Documents and Settings\Administrator.AMDADDY\Local Settings\Application Data\{1D5944B1-3BE7-47FA-B059-CFF4C8A1DA02}\ [2010/03/04 20:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/06 14:59:50 | 000,000,000 | ---D | M]

[2010/01/17 15:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/17 15:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/02/10 20:58:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-220523388-1454471165-839522115-1003..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-220523388-1454471165-839522115-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-220523388-1454471165-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-220523388-1454471165-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-220523388-1454471165-839522115-1003\..Trusted Domains: pge.com ([ra] https in Trusted sites)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/42.19/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267942632984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267984429000 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab (YbUploadFavsCtl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://constantcontact.webex.com/client/T26L/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/09 01:30:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 11:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/02/11 15:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\CleanUp!
[2011/02/11 15:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/02/11 14:56:57 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/11 14:56:57 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/11 14:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/02/11 14:56:56 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/11 14:56:56 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/11 14:56:55 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/11 14:56:55 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/11 14:56:54 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/11 14:56:38 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/11 14:56:38 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/11 14:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/11 14:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/11 09:02:30 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/02/11 09:01:56 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/11 08:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2011/02/11 08:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/02/11 08:00:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/11 07:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/02/11 07:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/02/11 07:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/02/10 21:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/10 18:39:43 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/02/10 18:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/02/10 18:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2011/02/10 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/02/10 18:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/02/10 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/09 19:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/02/09 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/09 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/09 19:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/02/09 19:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/08 17:55:45 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/02/08 17:55:45 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/02/08 17:33:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/08 17:24:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/08 17:24:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/08 17:24:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/08 17:24:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/08 17:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/08 17:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/08 04:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/02/06 11:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/06 10:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iaexcqxhv
[2011/02/06 09:15:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/05 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/03 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/03 18:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/03 14:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/02/03 09:04:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/03 09:04:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/03 09:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/02 21:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/02 21:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/21 06:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/18 20:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PERU
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 19:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/15 19:43:33 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
[2011/02/15 17:33:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/15 17:31:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/15 17:29:09 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/02/15 17:29:08 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/15 17:28:29 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\NMTQS.job
[2011/02/15 17:27:07 | 000,041,237 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/15 17:26:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/15 17:26:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/15 17:26:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/02/13 16:35:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/12 11:53:51 | 000,227,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 11:49:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 11:46:56 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/12 08:23:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/11 16:11:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/02/11 14:56:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/11 14:56:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/11 09:01:52 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/11 09:01:12 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/11 08:55:31 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/02/11 08:17:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/11 08:17:55 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 07:59:58 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/11 07:59:58 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/02/10 20:58:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/08 17:33:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/06 11:52:49 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/06 11:52:49 | 000,000,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/02/05 15:38:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/03 14:36:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/03 09:04:54 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/28 10:02:28 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/21 06:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 06:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/13 16:43:42 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/12 11:48:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 11:46:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/12 11:46:56 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/11 20:50:49 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Owner\profilingData.log
[2011/02/11 14:56:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/11 09:19:36 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/11 09:08:46 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/11 08:17:55 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/11 08:17:55 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 07:59:58 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/11 07:59:58 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/02/10 18:21:18 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\NMTQS.job
[2011/02/08 17:33:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/08 17:33:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/08 17:24:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/08 17:24:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/08 17:24:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/08 17:24:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/08 17:24:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/06 11:52:49 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/06 11:52:49 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/02/05 15:38:01 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/03 14:36:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/03 09:04:54 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/02 21:30:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/28 11:44:20 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/08/06 14:50:55 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/13 09:42:03 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/06 22:38:45 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/04 19:49:31 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010/02/22 20:44:18 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010/02/22 20:36:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olx98NT.sys
[2010/01/16 16:50:40 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/28 16:29:25 | 000,000,366 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/05/17 13:49:57 | 000,000,099 | ---- | C] () -- C:\WINDOWS\vgplayer.ini
[2008/12/31 13:20:04 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/19 15:17:55 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2008/08/19 15:17:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\FFAEBE
[2008/07/08 16:40:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/08 16:40:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/21 15:56:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/05/01 18:46:33 | 000,028,238 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2007/10/23 19:29:52 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VYAAUFMZPWQQ.SYS
[2007/07/13 20:42:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/06/15 12:07:56 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/03/12 19:25:35 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/14 15:19:02 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/08/14 15:19:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/08/14 09:38:47 | 000,000,541 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2006/05/22 18:16:53 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/22 18:16:53 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/22 18:16:53 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/04/10 21:56:07 | 000,165,232 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Cosmos Prefs
[2005/12/12 10:28:32 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2005/12/09 14:48:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/09 14:30:38 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005/12/09 02:45:28 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/09 02:18:16 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2005/12/09 01:31:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/08 17:25:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/11 13:47:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/11 13:47:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/11 13:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/11 13:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/11 13:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/11 13:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/11 13:47:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 10:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >



Extra.txt:
OTL Extras logfile created on: 2/15/2011 7:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Backup\Utilities\Spyware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 11.82 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
Drive T: | 1397.26 Gb Total Space | 300.33 Gb Free Space | 21.49% Space Free | Partition Type: NTFS

Computer Name: AMDADDY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\pcAnywhere\winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Valve\Steam\SteamApps\common\bookworm adventures deluxe\BookwormAdventures.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe -- (PopCap Games, Inc.)
"C:\Program Files\Valve\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock -- ()
"C:\Program Files\Boxee\BOXEE.exe" = C:\Program Files\Boxee\BOXEE.exe:*:Enabled:Boxee -- (boxee.tv)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Valve\Steam\SteamApps\common\torchlight\Torchlight.exe" = C:\Program Files\Valve\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Real\realplayer\realplay.exe" = C:\Program Files\Real\realplayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0E6FDBFA-7BF9-4C6D-9FAA-5ACF27710361}" = Franklin CDU680 USB Modem
"{105C38AF-4C1C-4279-8C59-9680792B3E59}" = MotionBased Agent
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = RAW Image Task
"{4787278D-6526-4701-A9FE-03E7EE9F1945}" = Garmin Training Center
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97901EEE-8617-4261-AD04-BD06ACA467B6}" = Visions at a Glance
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C865B036-B1D9-417F-BA37-E0D5D391B79F}" = Garmin PC Basemap v2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1D7C392-EAF5-405F-A31D-BBD3B56C0C6A}" = ImageMixer 3 SE for SD
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"AlbumArtTagger_is1" = MediaMonkey Script - AlbumArtTagger 3.9
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CANONBJ_Deinstall_CNMCP3g.DLL" = Canon S900
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"CleanUp!" = CleanUp!
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ExpressBurn" = Express Burn
"Google Chrome" = Google Chrome
"HandBrake" = Handbrake 0.9.4
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGN Download Manager" = IGN Download Manager 2.2.1
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Metronome_is1" = D'Accord Metronome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"OpenAL" = OpenAL
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PowerArchiver_is1" = PowerArchiver 2004 v9.25
"PS3 Media Server" = PS3 Media Server
"Puzzle Quest1.01" = Puzzle Quest
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"Snood Towers_is1" = Snood Towers for Windows version 1.02
"Snood_is1" = Snood for Windows version 3.52-W
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 7670" = Bioshock
"ToolBox" = NCH Toolbox
"TotalRecorder" = Total Recorder 7.1
"Transcribe!_is1" = Transcribe! 8.10
"URLSnooper 2_is1" = URL Snooper v2.22.02
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1 beta4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-1454471165-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BOXEE" = Boxee
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2011 9:34:02 AM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/10/2011 10:11:48 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/10/2011 10:11:49 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/11/2011 9:59:27 AM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/11/2011 9:59:33 AM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/11/2011 12:31:10 PM | Computer Name = AMDADDY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/11/2011 8:32:48 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/11/2011 8:32:49 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 1:05:47 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/12/2011 1:05:47 PM | Computer Name = AMDADDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/13/2011 8:36:19 PM | Computer Name = AMDADDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/13/2011 8:40:47 PM | Computer Name = AMDADDY | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.198. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 2/13/2011 8:51:04 PM | Computer Name = AMDADDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.97.1099.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6502.0&avdelta=1.97.1099.0&asdelta=1.97.1099.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 2/13/2011 8:51:04 PM | Computer Name = AMDADDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.97.1099.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6502.0&avdelta=1.97.1099.0&asdelta=1.97.1099.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 2/13/2011 8:51:04 PM | Computer Name = AMDADDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.97.1099.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6502.0&avdelta=1.97.1099.0&asdelta=1.97.1099.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 2/13/2011 8:51:04 PM | Computer Name = AMDADDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.97.1099.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6502.0&avdelta=1.97.1099.0&asdelta=1.97.1099.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6502.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 2/14/2011 11:01:21 PM | Computer Name = AMDADDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/15/2011 12:54:11 AM | Computer Name = AMDADDY | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.198. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 2/15/2011 9:29:03 PM | Computer Name = AMDADDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/15/2011 9:31:36 PM | Computer Name = AMDADDY | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.198. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.


< End of report >

#4 Glint

Posted 16 February 2011 - 02:08 AM

My original post was too long, so I had to break it up into several parts. This is part 2 of 3.

Here is my GMER log:
gmer.log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-15 22:59:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 ST3250823AS rev.3.03
Running: hv79pom5.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6C7A728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB6C817EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB6C816A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB6C81CA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB6C81BBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB6C81276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6C7A7D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB6C8177E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB6C811B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB6C81218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6C7A870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB6C818C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6C81D76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB6C81880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB6C81A04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6C8E82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB6C8E652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB6C8E78C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 80501C20 4 Bytes JMP A0B6C817
PAGE ntkrnlpa.exe!ZwLoadDriver 8057969A 7 Bytes JMP B6C8E790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A0816 7 Bytes JMP B6C8E656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP B6C8A1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP B6C8BC88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP B6C8E832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xBA241A0C]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB921C360, 0x24CB9D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[120] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe[224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5

#5 Glint

Posted 16 February 2011 - 02:10 AM

My original post was too long, so I had to break it up into several parts. This is part 3 of 3.

Here is the rest of GMER log:
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[3100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\nvsvc32.exe[3472] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[4076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00600002
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00600000
IAT C:\WINDOWS\Explorer.EXE[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02772F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02772C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02772CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02772CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 Shannon2012

Posted 16 February 2011 - 08:45 AM

Hi-

Thanks for the logs. Could you also send me the ComboFix report (c:\ComboFix.txt) from 2/11?
Shannon

#7 Shannon2012

Posted 16 February 2011 - 11:55 AM

Hi-

Thank you again for the logs. If you do or did have a TDL4 infection, it is a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.7.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Then, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
In your reply, please copy in the Security Check, the TDSSKiller, and the MBAM reports plus the ComboFix report, if you haven't already sent it. Also, let me know how your computer is doing now.
Shannon

#8 Glint

Posted 16 February 2011 - 03:43 PM

Hi Shannon,

Thanks again for your help. I'm home for lunch so I only have time to send you the ComboFix log. I'll do and send the rest when I get home this evening.

ComboFix 11-02-09.05 - Administrator 02/10/2011 19:54:09.4.1 - x86 MINIMAL
Running from: c:\backup\Utilities\Spyware removal\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\61BC7F4A6A6F282185F3AF455855D4DD
c:\documents and settings\NetworkService\Application Data\61BC7F4A6A6F282185F3AF455855D4DD\cafbine70mps.exe
c:\documents and settings\NetworkService\Application Data\61BC7F4A6A6F282185F3AF455855D4DD\enemies-names.txt
c:\documents and settings\NetworkService\Application Data\61BC7F4A6A6F282185F3AF455855D4DD\local.ini
c:\documents and settings\NetworkService\Application Data\61BC7F4A6A6F282185F3AF455855D4DD\lsrslt.ini
c:\documents and settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 03:05 . 2010-05-26 18:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-02-11 02:41 . 2011-02-11 02:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\61BC7F4A6A6F282185F3AF455855D4DD
2011-02-11 02:39 . 2011-02-11 02:39 -------- d-----w- C:\Adobe
2011-02-11 02:33 . 2011-02-11 02:33 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-11 02:32 . 2011-02-11 02:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-02-11 02:21 . 2011-02-11 02:21 59904 --sha-r- c:\windows\system32\dmview7.dll
2011-02-11 02:06 . 2011-02-11 02:06 -------- d-----w- c:\program files\Sophos
2011-02-11 02:03 . 2011-02-11 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-10 03:34 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{728A2DFC-C854-45CE-A32C-13728E0B7734}\mpengine.dll
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-10 03:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-05 23:37 . 2011-02-10 03:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 16:54 . 2011-01-15 16:54 -------- d-----w- C:\BJPrinter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-09 09:29 81920 ----a-w- c:\windows\system32\isign32.dll
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2011-02-09_03.48.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-31 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2005-12-09 09:33 . 2011-02-11 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-12-09 09:33 . 2010-05-01 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-12-09 09:33 . 2010-05-01 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-09 09:33 . 2011-02-11 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-05 03:51 . 2011-02-11 02:40 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-03-05 03:51 . 2010-05-01 00:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-11 02:39 . 2011-02-11 02:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-09 09:33 . 2010-05-01 00:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-02-06 17:14 . 2011-02-10 03:31 2567528 c:\windows\system32\Restore\rstrlog.dat
+ 2011-02-11 02:39 . 2011-02-11 02:41 1163264 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPIN4TY7\svvmidlev700[1].exe
+ 2011-02-11 02:41 . 2011-02-11 02:41 1041920 c:\windows\system32\config\systemprofile\Application Data\61BC7F4A6A6F282185F3AF455855D4DD\cafbine70mps.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 lcwopfwi;lcwopfwi; [x]
R2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 133104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\13.tmp [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-05-21 34576]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 99200]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-03-03 128008]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-11 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1d

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8BCE27AF]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8bce89b0]; MOV EAX, [0x8bce8a2c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8BD24AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006f[0x8BD2D9E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8BD72D98]
\Driver\atapi[0x8BD25820] -> IRP_MJ_CREATE -> 0x8BCE27AF
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP4T0L0-12 -> \??\IDE#DiskST3250823AS_____________________________3.03____#5&ec4428c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8BCE25F5
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\13.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(192)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(252)
c:\windows\system32\WININET.dll
.
Completion time: 2011-02-10 21:02:57
ComboFix-quarantined-files.txt 2011-02-11 05:02
ComboFix2.txt 2011-02-10 05:38
ComboFix3.txt 2011-02-10 02:40
ComboFix4.txt 2011-02-09 03:55

Pre-Run: 16,166,510,592 bytes free
Post-Run: 16,225,116,160 bytes free

- - End Of File - - 140BC42173C0E7C838BA057B02A64FDB

#9 Shannon2012


  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:18 PM

Posted 16 February 2011 - 09:12 PM

Hi-

Please send me the other three ComboFix logs. You can find them under C:\Qoobox.
Shannon

#10 Glint

  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:18 AM

Posted 17 February 2011 - 08:36 AM

Hi again Shannon,

TDSSKiller didn't find anything. This is interesting because I wasn't able to go to the d/l site (Kaspersky's website) from the possibly infected computer.

Here are the latest logs, including the old ComboFix logs:

checkup.txt:
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````


TDSSKiller log:
2011/02/16 17:31:42.0656 0756 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/16 17:31:43.0187 0756 ================================================================================
2011/02/16 17:31:43.0187 0756 SystemInfo:
2011/02/16 17:31:43.0187 0756
2011/02/16 17:31:43.0187 0756 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/16 17:31:43.0187 0756 Product type: Workstation
2011/02/16 17:31:43.0187 0756 ComputerName: AMDADDY
2011/02/16 17:31:43.0187 0756 UserName: Owner
2011/02/16 17:31:43.0187 0756 Windows directory: C:\WINDOWS
2011/02/16 17:31:43.0187 0756 System windows directory: C:\WINDOWS
2011/02/16 17:31:43.0187 0756 Processor architecture: Intel x86
2011/02/16 17:31:43.0187 0756 Number of processors: 1
2011/02/16 17:31:43.0187 0756 Page size: 0x1000
2011/02/16 17:31:43.0187 0756 Boot type: Normal boot
2011/02/16 17:31:43.0187 0756 ================================================================================
2011/02/16 17:31:43.0515 0756 Initialize success
2011/02/16 17:31:58.0484 3248 ================================================================================
2011/02/16 17:31:58.0484 3248 Scan started
2011/02/16 17:31:58.0484 3248 Mode: Manual;
2011/02/16 17:31:58.0484 3248 ================================================================================
2011/02/16 17:31:58.0937 3248 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/16 17:31:59.0031 3248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 17:31:59.0078 3248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/16 17:31:59.0140 3248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 17:31:59.0203 3248 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 17:31:59.0421 3248 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/02/16 17:31:59.0500 3248 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/16 17:31:59.0515 3248 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/16 17:31:59.0546 3248 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/16 17:31:59.0578 3248 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/16 17:31:59.0609 3248 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/16 17:31:59.0656 3248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 17:31:59.0687 3248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 17:31:59.0765 3248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 17:31:59.0812 3248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 17:31:59.0859 3248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 17:32:00.0015 3248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 17:32:00.0093 3248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/16 17:32:00.0156 3248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 17:32:00.0187 3248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 17:32:00.0218 3248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/16 17:32:00.0328 3248 cmusbser (631155ce46b7da2aac47eedf7ee42ebe) C:\WINDOWS\system32\DRIVERS\cmusbser.sys
2011/02/16 17:32:00.0437 3248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/16 17:32:00.0484 3248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/16 17:32:00.0531 3248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/16 17:32:00.0562 3248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/16 17:32:00.0593 3248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/16 17:32:00.0671 3248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/16 17:32:00.0734 3248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/16 17:32:00.0765 3248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/16 17:32:00.0812 3248 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/02/16 17:32:00.0859 3248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/16 17:32:00.0875 3248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/16 17:32:00.0906 3248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/16 17:32:00.0953 3248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/16 17:32:00.0984 3248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/16 17:32:01.0000 3248 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/16 17:32:01.0078 3248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/16 17:32:01.0140 3248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/16 17:32:01.0171 3248 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/02/16 17:32:01.0203 3248 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/16 17:32:01.0296 3248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/16 17:32:01.0390 3248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/16 17:32:01.0437 3248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/16 17:32:01.0531 3248 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/16 17:32:01.0562 3248 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/02/16 17:32:01.0593 3248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/16 17:32:01.0671 3248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/16 17:32:01.0703 3248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/16 17:32:01.0765 3248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/16 17:32:01.0843 3248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/16 17:32:01.0875 3248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/16 17:32:01.0937 3248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/16 17:32:01.0968 3248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/16 17:32:02.0000 3248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/16 17:32:02.0062 3248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/16 17:32:02.0156 3248 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/16 17:32:02.0250 3248 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/02/16 17:32:02.0453 3248 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/02/16 17:32:02.0515 3248 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/02/16 17:32:02.0718 3248 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/02/16 17:32:02.0875 3248 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\WINDOWS\system32\4.tmp
2011/02/16 17:32:02.0906 3248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/16 17:32:02.0968 3248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/16 17:32:03.0031 3248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/16 17:32:03.0062 3248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/16 17:32:03.0093 3248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/16 17:32:03.0125 3248 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/02/16 17:32:03.0312 3248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/16 17:32:03.0390 3248 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/16 17:32:03.0421 3248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/16 17:32:03.0453 3248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/16 17:32:03.0484 3248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/16 17:32:03.0500 3248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/16 17:32:03.0546 3248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/16 17:32:03.0593 3248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/16 17:32:03.0625 3248 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/02/16 17:32:03.0703 3248 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/16 17:32:03.0734 3248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/16 17:32:03.0812 3248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/16 17:32:03.0843 3248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/16 17:32:03.0875 3248 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/16 17:32:03.0890 3248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/16 17:32:03.0921 3248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/16 17:32:03.0984 3248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/16 17:32:04.0062 3248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/16 17:32:04.0093 3248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/16 17:32:04.0140 3248 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/02/16 17:32:04.0203 3248 NPF (8a785b2a89e872b5e26a601f8bf01619) C:\WINDOWS\system32\drivers\npf.sys
2011/02/16 17:32:04.0250 3248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/16 17:32:04.0281 3248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/16 17:32:04.0312 3248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/16 17:32:04.0468 3248 nv (34c114da0a5e03219444e46f122ff5a3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/16 17:32:04.0593 3248 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys
2011/02/16 17:32:04.0625 3248 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/02/16 17:32:04.0656 3248 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/02/16 17:32:04.0703 3248 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys
2011/02/16 17:32:04.0750 3248 NWADI (67fb86eeb94059177642050718d57460) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/02/16 17:32:04.0781 3248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/16 17:32:04.0812 3248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/16 17:32:04.0859 3248 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
2011/02/16 17:32:04.0890 3248 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
2011/02/16 17:32:04.0937 3248 NWUSBPort2 (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
2011/02/16 17:32:05.0000 3248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/16 17:32:05.0078 3248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/16 17:32:05.0093 3248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/16 17:32:05.0140 3248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/16 17:32:05.0203 3248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/16 17:32:05.0265 3248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/16 17:32:05.0468 3248 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2011/02/16 17:32:05.0531 3248 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/02/16 17:32:05.0578 3248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/16 17:32:05.0609 3248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/16 17:32:05.0656 3248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/16 17:32:05.0671 3248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/16 17:32:05.0734 3248 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/16 17:32:05.0843 3248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/16 17:32:05.0890 3248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/16 17:32:05.0937 3248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/16 17:32:05.0953 3248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/16 17:32:05.0984 3248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/16 17:32:06.0000 3248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/16 17:32:06.0046 3248 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/16 17:32:06.0140 3248 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/02/16 17:32:06.0171 3248 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/16 17:32:06.0218 3248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/16 17:32:06.0281 3248 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/16 17:32:06.0312 3248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/16 17:32:06.0343 3248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/16 17:32:06.0406 3248 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/16 17:32:06.0468 3248 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/02/16 17:32:06.0531 3248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/16 17:32:06.0546 3248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/16 17:32:06.0625 3248 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/16 17:32:06.0671 3248 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/02/16 17:32:06.0718 3248 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/16 17:32:06.0734 3248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/16 17:32:06.0765 3248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/16 17:32:06.0890 3248 SymEvent (afdcf8008d0ffe23f42071c1540f35e7) C:\Program Files\Symantec\SYMEVENT.SYS
2011/02/16 17:32:06.0984 3248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/16 17:32:07.0062 3248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/16 17:32:07.0093 3248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/16 17:32:07.0125 3248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/16 17:32:07.0156 3248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/16 17:32:07.0250 3248 TotRec7 (fcfe17ff1452c963e6b2bb9917cb11e5) C:\WINDOWS\system32\drivers\TotRec7.sys
2011/02/16 17:32:07.0281 3248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/16 17:32:07.0375 3248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/16 17:32:07.0453 3248 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/16 17:32:07.0546 3248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/16 17:32:07.0593 3248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/16 17:32:07.0656 3248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/16 17:32:07.0734 3248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/16 17:32:07.0750 3248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/16 17:32:07.0781 3248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/16 17:32:07.0812 3248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/16 17:32:07.0875 3248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/16 17:32:07.0937 3248 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/16 17:32:08.0000 3248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/16 17:32:08.0062 3248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/16 17:32:08.0140 3248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/16 17:32:08.0187 3248 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/16 17:32:08.0234 3248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/16 17:32:08.0343 3248 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/16 17:32:08.0437 3248 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/16 17:32:08.0500 3248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/16 17:32:08.0531 3248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/16 17:32:08.0687 3248 ================================================================================
2011/02/16 17:32:08.0687 3248 Scan finished
2011/02/16 17:32:08.0687 3248 ================================================================================
2011/02/16 17:32:58.0375 3796 ================================================================================
2011/02/16 17:32:58.0375 3796 Scan started
2011/02/16 17:32:58.0375 3796 Mode: Manual;
2011/02/16 17:32:58.0375 3796 ================================================================================
2011/02/16 17:32:58.0828 3796 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/16 17:32:58.0937 3796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 17:32:58.0968 3796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/16 17:32:59.0015 3796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 17:32:59.0093 3796 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 17:32:59.0312 3796 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/02/16 17:32:59.0375 3796 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/16 17:32:59.0406 3796 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/16 17:32:59.0437 3796 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/16 17:32:59.0468 3796 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/16 17:32:59.0500 3796 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/16 17:32:59.0546 3796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 17:32:59.0578 3796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 17:32:59.0656 3796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 17:32:59.0703 3796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 17:32:59.0765 3796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 17:32:59.0890 3796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 17:32:59.0953 3796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/16 17:33:00.0031 3796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 17:33:00.0062 3796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 17:33:07.0890 3796 ================================================================================
2011/02/16 17:33:07.0890 3796 Scan finished
2011/02/16 17:33:07.0890 3796 ================================================================================
2011/02/16 17:33:10.0968 3068 Deinitialize success


Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5779

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/16/2011 9:02:51 PM
mbam-log-2011-02-16 (21-02-51).txt

Scan type: Full scan (C:\|T:\|)
Objects scanned: 674133
Time elapsed: 3 hour(s), 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Glint

Posted 17 February 2011 - 08:38 AM

ComboFix 11-02-08.02 - Owner 02/08/2011 17:43:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1541 [GMT -8:00]
Running from: c:\backup\Utilities\Spyware removal\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\nvDrv.sy
c:\windows\system32\ealregsnapshot1.reg

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER


((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 12:58 . 2011-02-08 12:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-02-08 12:57 . 2011-02-08 12:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 09:26 . 2011-02-08 09:26 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-06 22:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-06 18:57 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\iaexcqxhv
2011-02-06 00:58 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45461C34-3E56-4C76-85B5-4FF9256211CF}\mpengine.dll
2011-02-05 23:37 . 2011-02-06 18:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 16:54 . 2011-01-15 16:54 -------- d-----w- C:\BJPrinter
2011-01-14 21:14 . 2011-01-28 21:17 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-09 09:29 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 8:22 PM 24652]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/19/2008 2:47 PM 128008]
S0 lcwopfwi;lcwopfwi; [x]
S2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 6:19 PM 133104]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 3:57 PM 34576]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-02-08 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pge.com\ra
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)
SharedTaskScheduler-{7d5da5e2-44fd-4082-92f6-17399738d3df} - (no file)
SSODL-fotipares-{7d5da5e2-44fd-4082-92f6-17399738d3df} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-02-08 19:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 03:55

Pre-Run: 6,235,582,464 bytes free
Post-Run: 6,698,614,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D5BA26C1106C409B488C57A52A38582D


ComboFix 11-02-09.02 - Owner 02/09/2011 18:23:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1540 [GMT -8:00]
Running from: c:\backup\Utilities\Spyware removal\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-09 04:03 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AB12130-3E1A-46BB-8A85-E9A39063CD34}\mpengine.dll
2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 12:58 . 2011-02-08 12:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-02-08 12:57 . 2011-02-08 12:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 09:26 . 2011-02-08 09:26 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-06 22:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-06 18:57 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\iaexcqxhv
2011-02-05 23:37 . 2011-02-06 18:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 16:54 . 2011-01-15 16:54 -------- d-----w- C:\BJPrinter
2011-01-14 21:14 . 2011-01-28 21:17 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-09 09:29 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 8:22 PM 24652]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/19/2008 2:47 PM 128008]
S0 lcwopfwi;lcwopfwi; [x]
S2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 6:19 PM 133104]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 3:57 PM 34576]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pge.com\ra
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 18:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1d

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8BD107AF]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8bd169b0]; MOV EAX, [0x8bd16a2c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8BDD8AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000006d[0x8BE439E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8BDC7D98]
\Driver\atapi[0x8BDD89C0] -> IRP_MJ_CREATE -> 0x8BD107AF
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP4T0L0-12 -> \??\IDE#DiskST3250823AS_____________________________3.03____#5&ec4428c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8BD105F5
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\WININET.dll
.
Completion time: 2011-02-09 18:40:07
ComboFix-quarantined-files.txt 2011-02-10 02:40
ComboFix2.txt 2011-02-09 03:55

Pre-Run: 6,638,395,392 bytes free
Post-Run: 6,686,953,472 bytes free

- - End Of File - - 227B138DBBDFA4FBED546A39070B5EFC


ComboFix 11-02-09.03 - Owner 02/09/2011 21:20:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1542 [GMT -8:00]
Running from: c:\backup\Utilities\Spyware removal\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 04:59 . 2011-02-10 05:09 -------- d-----w- C:\32788R22FWJFW
2011-02-10 03:34 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{728A2DFC-C854-45CE-A32C-13728E0B7734}\mpengine.dll
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 12:57 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-10 03:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:57 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\iaexcqxhv
2011-02-05 23:37 . 2011-02-10 03:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-15 16:54 . 2011-01-15 16:54 -------- d-----w- C:\BJPrinter
2011-01-14 21:14 . 2011-01-28 21:17 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-09 09:29 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-09_03.48.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-06 17:14 . 2011-02-10 03:31 2567528 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 8:22 PM 24652]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/19/2008 2:47 PM 128008]
S0 lcwopfwi;lcwopfwi; [x]
S2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 6:19 PM 133104]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 3:57 PM 34576]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pge.com\ra
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1d

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8BD107AF]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8bd169b0]; MOV EAX, [0x8bd16a2c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8BDD8AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000006d[0x8BE439E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8BDC7D98]
\Driver\atapi[0x8BDD89C0] -> IRP_MJ_CREATE -> 0x8BD107AF
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP4T0L0-12 -> \??\IDE#DiskST3250823AS_____________________________3.03____#5&ec4428c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8BD105F5
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\WININET.dll
.
Completion time: 2011-02-09 21:37:58
ComboFix-quarantined-files.txt 2011-02-10 05:37
ComboFix2.txt 2011-02-10 02:40
ComboFix3.txt 2011-02-09 03:55

Pre-Run: 3,645,374,464 bytes free
Post-Run: 3,688,968,192 bytes free

- - End Of File - - 149596003AB030E123E80A20512CF2B8

#12 Shannon2012

  • Security Colleague

Posted 17 February 2011 - 01:31 PM

Hi-

On each of the ComboFix reports, it says it has killed the same bootkit infection. A bootkit infection which TDSSKiller didn't find. We need to find out what ComboFix says now.

First, delete your current version of ComboFix (c:\backup\Utilities\Spyware removal\ComboFix.exe).

Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Then, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

In your reply, copy in the ComboFix report and the MBRCheck report. Let me know how your computer is doing now.
Shannon

#13 Glint

  • Topic Starter

Posted 17 February 2011 - 09:14 PM

Hi Shannon,

Once again, thank you for your help.

My computer seems to be working fine, but I'm optimistically cautious.

Here is the ComboFix log:
ComboFix 11-02-17.01 - Owner 02/17/2011 17:50:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1302 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 01:26 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A8CE72A3-2A39-4041-A3FF-971A6252EFB3}\mpengine.dll
2011-02-14 01:20 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-11 23:55 . 2011-02-11 23:55 -------- d-----w- c:\program files\CleanUp!
2011-02-11 22:56 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 22:56 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 22:56 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 22:56 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 22:56 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-11 22:56 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-11 22:56 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-11 22:56 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 22:56 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 22:56 . 2011-02-11 22:56 -------- d-----w- c:\program files\Alwil Software
2011-02-11 22:56 . 2011-02-11 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-11 17:19 . 2011-02-11 17:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-11 17:02 . 2011-02-11 16:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-11 17:01 . 2011-02-11 17:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-11 16:31 . 2011-02-11 16:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-02-11 16:00 . 2011-02-11 16:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-11 15:59 . 2011-02-11 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-02-11 15:59 . 2011-02-11 15:59 -------- d-----w- c:\program files\Lavasoft
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\4.tmp
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\3.tmp
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\2.tmp
2011-02-11 02:41 . 2011-02-12 04:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\61BC7F4A6A6F282185F3AF455855D4DD
2011-02-11 02:39 . 2011-02-11 02:39 -------- d-----w- C:\Adobe
2011-02-11 02:33 . 2011-02-11 02:33 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-11 02:32 . 2011-02-11 02:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-02-11 02:06 . 2011-02-11 02:06 -------- d-----w- c:\program files\Sophos
2011-02-11 02:03 . 2011-02-11 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 12:57 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-10 03:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:57 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\iaexcqxhv
2011-02-05 23:37 . 2011-02-10 03:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-03-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-03-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2003-03-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-12-09 09:43 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-03-31 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2003-03-31 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-09_03.48.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-03-13 17:32 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2010-03-13 17:32 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 04:03 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 04:03 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2011-02-11 17:02 . 2011-02-11 16:55 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
- 2005-12-09 01:26 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2005-12-09 01:26 . 2008-04-13 19:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2009-08-20 04:10 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-20 04:10 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2003-03-31 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2005-12-09 01:26 . 2008-04-13 19:40 57600 c:\windows\system32\dllcache\redbook.sys
- 2006-05-10 05:25 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:25 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-29 16:12 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-06-29 16:12 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-10-17 19:05 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-10-17 19:05 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-05-10 05:25 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2005-12-09 09:33 . 2010-05-01 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-09 09:33 . 2011-02-12 04:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-12-09 09:33 . 2010-05-01 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-09 09:33 . 2011-02-12 04:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-05 03:51 . 2011-02-12 04:48 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-03-05 03:51 . 2010-05-01 00:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-12 04:49 . 2011-02-12 04:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-09 09:33 . 2010-05-01 00:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-09 10:45 . 2010-12-16 11:07 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-11-19 11:13 . 2011-01-06 01:21 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-19 11:13 . 2011-02-15 11:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
- 2005-12-09 10:45 . 2010-12-16 11:07 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-29 16:05 . 2008-07-29 16:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2006-11-08 04:03 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2006-11-08 04:03 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 12:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2003-03-31 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
- 2005-12-09 01:23 . 2010-12-16 11:23 227208 c:\windows\system32\FNTCACHE.DAT
+ 2005-12-09 01:23 . 2011-02-12 19:53 227208 c:\windows\system32\FNTCACHE.DAT
- 2006-05-10 05:25 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:25 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-10-17 19:04 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 19:04 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-08-19 04:55 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2006-05-10 05:25 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-06-29 16:12 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-29 16:12 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-19 04:55 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-08-19 04:55 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-20 04:10 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-20 04:10 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:25 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:25 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-11-19 07:41 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-11-19 07:41 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 10:27 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 10:27 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 10:26 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 10:26 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-09-01 11:51 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2010-09-01 11:51 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-11 15:59 . 2011-02-11 15:59 236032 c:\windows\Installer\7a8fc6.msi
+ 2011-02-11 22:56 . 2011-02-11 22:56 219648 c:\windows\Installer\141b7f2.msi
+ 2005-12-09 10:45 . 2011-02-12 19:50 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-12-09 10:45 . 2010-12-16 11:07 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2005-12-09 10:45 . 2011-02-12 19:50 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-12 19:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-12 19:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-12 19:49 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-12 19:49 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2009-07-12 08:02 . 2009-07-12 08:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
- 2003-03-31 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2003-03-31 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2003-03-31 12:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2011-02-06 17:14 . 2011-02-10 03:31 2567528 c:\windows\system32\Restore\rstrlog.dat
+ 2003-03-31 12:00 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
- 2006-10-17 18:57 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2006-10-17 18:57 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2009-04-17 12:26 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:25 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2006-05-10 05:25 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-08-19 04:55 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-19 04:55 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 02:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-19 04:55 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:06 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
- 2009-06-29 16:12 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-29 16:12 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-18 00:06 . 2011-01-18 00:06 5518848 c:\windows\Installer\914857.msp
+ 2011-02-12 19:47 . 2011-02-12 19:47 2283008 c:\windows\Installer\914841.msi
+ 2011-02-11 15:59 . 2011-02-11 15:59 1867776 c:\windows\Installer\7a8fd0.msi
+ 2010-11-10 20:49 . 2010-11-10 20:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-02-12 19:49 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-08-19 04:55 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-19 04:55 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 02:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-19 04:55 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-03-07 06:36 . 2011-02-12 19:49 37443528 c:\windows\system32\MRT.exe
+ 2006-11-08 04:03 . 2010-12-21 13:29 11080704 c:\windows\system32\ieframe.dll
- 2006-11-08 04:03 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2009-07-19 13:32 . 2010-12-21 13:29 11080704 c:\windows\system32\dllcache\ieframe.dll
- 2009-07-19 13:32 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\914842.msp
+ 2011-02-15 11:00 . 2011-02-15 11:00 20308992 c:\windows\Installer\1b9679c.msp
+ 2010-11-10 20:49 . 2010-11-10 20:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2011-02-12 19:49 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/11/2011 9:02 AM 64512]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/11/2011 2:56 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/11/2011 2:56 PM 17744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 8:22 PM 24652]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/19/2008 2:47 PM 128008]
S0 lcwopfwi;lcwopfwi; [x]
S1 MpKsla8d6b2dd;MpKsla8d6b2dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys [?]
S2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 6:19 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 1:05 AM 1405384]
S3 0b87;0b87;\??\c:\windows\system32\0b87.sys --> c:\windows\system32\0b87.sys [?]
S3 1fbA;1fbA;\??\c:\windows\system32\1fbA.sys --> c:\windows\system32\1fbA.sys [?]
S3 2148;2148;\??\c:\windows\system32\2148.sys --> c:\windows\system32\2148.sys [?]
S3 264E;264E;\??\c:\windows\system32\264E.sys --> c:\windows\system32\264E.sys [?]
S3 2b118;2b118;\??\c:\windows\system32\2b118.sys --> c:\windows\system32\2b118.sys [?]
S3 360C;360C;\??\c:\windows\system32\360C.sys --> c:\windows\system32\360C.sys [?]
S3 4a713;4a713;\??\c:\windows\system32\4a713.sys --> c:\windows\system32\4a713.sys [?]
S3 5df17;5df17;\??\c:\windows\system32\5df17.sys --> c:\windows\system32\5df17.sys [?]
S3 64914;64914;\??\c:\windows\system32\64914.sys --> c:\windows\system32\64914.sys [?]
S3 7d412;7d412;\??\c:\windows\system32\7d412.sys --> c:\windows\system32\7d412.sys [?]
S3 b5aB;b5aB;\??\c:\windows\system32\b5aB.sys --> c:\windows\system32\b5aB.sys [?]
S3 c0910;c0910;\??\c:\windows\system32\c0910.sys --> c:\windows\system32\c0910.sys [?]
S3 ccfF;ccfF;\??\c:\windows\system32\ccfF.sys --> c:\windows\system32\ccfF.sys [?]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 e8d6;e8d6;\??\c:\windows\system32\e8d6.sys --> c:\windows\system32\e8d6.sys [?]
S3 f2a16;f2a16;\??\c:\windows\system32\f2a16.sys --> c:\windows\system32\f2a16.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 1:05 AM 15232]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4.tmp [2/10/2011 10:02 PM 6144]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 3:57 PM 34576]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 16:55]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-02-17 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pge.com\ra
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 17:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4088)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-17 18:02:21
ComboFix-quarantined-files.txt 2011-02-18 02:02
ComboFix2.txt 2011-02-11 05:03
ComboFix3.txt 2011-02-10 05:38
ComboFix4.txt 2011-02-10 02:40
ComboFix5.txt 2011-02-18 01:46

Pre-Run: 12,324,880,384 bytes free
Post-Run: 12,750,049,280 bytes free

- - End Of File - - B5E429824B6E76A8DEB362B92C3B1501


Here is the MBRCheck log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000803c5

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltmgr.sys
0xB9EFF000 sr.sys
0xBA0F8000 Lbd.sys
0xBA108000 PxHelp20.sys
0xB9EE8000 KSecDD.sys
0xB9ED5000 WudfPf.sys
0xB9E48000 Ntfs.sys
0xB9E1B000 NDIS.sys
0xB9E01000 Mup.sys
0xB96D1000 \SystemRoot\system32\drivers\TotRec7.sys
0xB96AD000 \SystemRoot\system32\drivers\portcls.sys
0xBA288000 \SystemRoot\system32\drivers\drmk.sys
0xB968A000 \SystemRoot\system32\drivers\ks.sys
0xBA298000 \SystemRoot\System32\DRIVERS\processr.sys
0xBA440000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB9666000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA448000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA2A8000 \SystemRoot\system32\drivers\nvax.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9626000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB95F3000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xB9225000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9211000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA450000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA590000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB91FD000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA308000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA458000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA79A000 \SystemRoot\system32\drivers\msmpu401.sys
0xBA594000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xBA79B000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA318000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB91E6000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA138000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB978B000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA460000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB91D5000 \SystemRoot\System32\DRIVERS\psched.sys
0xB977B000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA468000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA470000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB976B000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA478000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5F4000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9177000 \SystemRoot\System32\DRIVERS\update.sys
0xB9DDD000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB9143000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xB975B000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5F8000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB973B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB907D000 \SystemRoot\system32\drivers\nvapu.sys
0xB8F98000 \SystemRoot\system32\drivers\nvmcp.sys
0xB8F87000 \SystemRoot\system32\drivers\nvarm.sys
0xBA208000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xBA398000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB6E48000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA608000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7BB000 \SystemRoot\System32\Drivers\Null.SYS
0xBA60A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3B8000 \SystemRoot\System32\drivers\vga.sys
0xBA60C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA60E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3C0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3C8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA578000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6E15000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6DBC000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA2C8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB6D6C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA3D0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB6D4A000 \SystemRoot\System32\drivers\afd.sys
0xBA2D8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB6D1F000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB6CAF000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6C89000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB974B000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB6C42000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB90EF000 \SystemRoot\System32\Drivers\ASPI32.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA53C000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB971B000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA548000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xBA408000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA410000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xB650A000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xBA178000 \SystemRoot\system32\drivers\usbaudio.sys
0xB64CA000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xB64B2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA61A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6DAC000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA418000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA678000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF468000 \SystemRoot\System32\ATMFD.DLL
0xB6DB4000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB554D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB53C2000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB6BFA000 \SystemRoot\system32\drivers\sysaudio.sys
0xB40E5000 \SystemRoot\system32\drivers\wdmaud.sys
0xB403D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA5DA000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB3EE4000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3E64000 \SystemRoot\System32\DRIVERS\srv.sys
0xB417A000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xBA490000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xBA652000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA4B0000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
704 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1092 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1132 C:\WINDOWS\system32\svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1376 svchost.exe
1584 svchost.exe
1696 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1908 C:\Program Files\Microsoft IntelliType Pro\type32.exe
1916 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1936 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
1952 C:\WINDOWS\system32\rundll32.exe
1988 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2024 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
124 C:\Program Files\iTunes\iTunesHelper.exe
216 C:\Program Files\Microsoft Security Client\msseces.exe
228 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
536 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
544 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
568 C:\WINDOWS\system32\ctfmon.exe
1048 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2072 C:\WINDOWS\system32\spoolsv.exe
2076 C:\WINDOWS\system32\rundll32.exe
2672 svchost.exe
2704 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2732 C:\Program Files\Bonjour\mDNSResponder.exe
2988 C:\WINDOWS\system32\svchost.exe
3024 C:\WINDOWS\system32\svchost.exe
3252 C:\WINDOWS\system32\svchost.exe
3308 C:\WINDOWS\system32\nvsvc32.exe
3348 C:\WINDOWS\system32\svchost.exe
3392 C:\WINDOWS\system32\svchost.exe
3552 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3668 C:\Program Files\Canon\CAL\CALMAIN.exe
448 C:\Program Files\iPod\bin\iPodService.exe
2900 alg.exe
3496 C:\WINDOWS\system32\svchost.exe
3052 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2356 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2300 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4088 C:\WINDOWS\explorer.exe
3224 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\T: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250823AS, Rev: 3.03
PhysicalDrive1 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#14 Shannon2012

  • Security Colleague

Posted 18 February 2011 - 01:24 PM

Hi-

Let's clean up some problems-

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyOverride = <local>
Driver::
0b87
1fbA
2148
264E
2b118
360C
4a713
5df17
64914
7d412
b5aB
c0910
ccfF
e8d6
f2a16

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Next, your Java runtimes are out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version here - Java Runtime Environment (JRE) Version 6
  • Scroll down to where it says "JDK 6 Update 24 (JRE) ...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.

I noticed that you have Viewpoint Manager installed which is considered to be foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

In your reply, please copy in the ComboFix report and update me on the status of your computer.

Thanks.
Shannon
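
The names under Driver:: in the CFScript above share one pattern in the earlier ComboFix log: stopped S3 entries with a short hex name, an image path of that same name directly in system32, and a [?] marker instead of a date and size. As an added example (not part of the original post and not ComboFix's own logic), this Python script picks such entries out of a log for an analyst to review; the function names are hypothetical, and it assumes [?] and [x] mean ComboFix could not find or read the file.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/11/2011 9:02 AM 64512]
S0 lcwopfwi;lcwopfwi; [x]
S1 MpKsla8d6b2dd;MpKsla8d6b2dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys [?]
S3 0b87;0b87;\??\c:\windows\system32\0b87.sys --> c:\windows\system32\0b87.sys [?]
S3 1fbA;1fbA;\??\c:\windows\system32\1fbA.sys --> c:\windows\system32\1fbA.sys [?]
S3 2b118;2b118;\??\c:\windows\system32\2b118.sys --> c:\windows\system32\2b118.sys [?]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4.tmp [2/10/2011 10:02 PM 6144]
"""

# Layout: <R|S><start type> <service>;<display name>;<image path> [<date size> | ? | x]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<marker>[^\]]*)\]\s*$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{4,5}$")
# Assumption: these markers mean ComboFix could not find or read the file.
UNVERIFIED_MARKERS = {"?", "x"}
NT_PREFIX = "\\??\\"


class Entry(NamedTuple):
    name: str
    running: bool
    start: int
    path: str
    verdict: str


def resolve_path(raw: str) -> str:
    # Keep the part after "-->" (the resolved path) and drop the NT object prefix.
    path = raw.split(" --> ")[-1].strip()
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def classify(name: str, path: str, marker: str) -> str:
    if marker.strip() not in UNVERIFIED_MARKERS:
        return "present"  # the log shows a timestamp and size for the file
    stem, ext = ntpath.splitext(ntpath.basename(path))
    in_system32 = ntpath.dirname(path).lower() == r"c:\windows\system32"
    if (HEX_NAME_RE.match(name) and stem.lower() == name.lower()
            and ext.lower() == ".sys" and in_system32):
        return "unverified-random-name"
    return "unverified"


def parse_services(log_text: str) -> List[Entry]:
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a driver/service line
        path = resolve_path(m["path"])
        entries.append(Entry(
            name=m["name"],
            running=(m["state"] == "R"),
            start=int(m["start"]),
            path=path,
            verdict=classify(m["name"], path, m["marker"]),
        ))
    return entries


def review_candidates(log_text: str) -> List[str]:
    """Service names matching the hex-named, file-not-verified pattern."""
    return [e.name for e in parse_services(log_text)
            if e.verdict == "unverified-random-name"]


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        state = "R" if e.running else "S"
        print(f"{state}{e.start} {e.name:<16} {e.verdict:<24} {e.path or '(no path)'}")
    print("Review:", ", ".join(review_candidates(SAMPLE_LOG)))
```

The verdict is a review cue only: MpKsla8d6b2dd is also unverified, but its path sits under the Microsoft Antimalware definition-update folder and it is not on the Driver:: list.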

#15 Glint

  • Topic Starter

Posted 18 February 2011 - 07:58 PM

Hi again Shannon,

I had a couple of things happen when I applied the CFScript.txt to ComboFix that I hope didn’t affect the fix. One, Combo Fix asked to update, and I clicked yes. Two, I forgot to disable Adaware before starting, but I did manage to disable it before combo fix started doing anything.

I was wondering what the Viewpoint stuff was. Thanks for educating me. Viewpoint Media Player is all that was in “Add or Remove Programs”. It’s gone now.

As for how my computer is running:

After reboot, Avast usually gives me the following message “Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.” The files are C:\Documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\ then a bunch of letters and numbers. Shall I tell Avast to ignore these files, or delete them?

Until now, after rebooting, my computer hung at the point of windows starting up the system tray programs, and all my installed programs weren’t showing up in the system tray. Most notable was Microsoft Security Essentials. It’s still slow, but it’s faster than before and Microsoft Essentials is showing up along with everything else. The search engine redirect and malware web pages loading issues seem to be gone, but it’s hard to tell with just a few minutes of testing.

During the course of trying to fix this computer, I have installed various anti-virus and malware programs. I am currently running two anti-virus programs, but I believe it’s best to go with just one. I'm running Avast & Microsoft Essentials. Which of these two do you prefer, or do you suggest I go to something else like AVG free (when I was using AVG I didn’t have any issues, now I have lost confidence in Microsoft Essentials and am thinking of going back)? As you know, I am using one malware program, Ad-Aware, with the occasional scan using Malwarebytes. Shall I keep doing this?

Thanks again for all your help.

Here is the latest ComboFix log:
ComboFix 11-02-17.02 - Owner 02/18/2011 14:23:34.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1326 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0B87
-------\Legacy_1FBA
-------\Legacy_2148
-------\Legacy_264E
-------\Legacy_2B118
-------\Legacy_360C
-------\Legacy_4A713
-------\Legacy_5DF17
-------\Legacy_64914
-------\Legacy_7D412
-------\Legacy_B5AB
-------\Legacy_C0910
-------\Legacy_CCFF
-------\Legacy_E8D6
-------\Legacy_F2A16
-------\Service_0b87
-------\Service_1fbA
-------\Service_2148
-------\Service_264E
-------\Service_2b118
-------\Service_360C
-------\Service_4a713
-------\Service_5df17
-------\Service_64914
-------\Service_7d412
-------\Service_b5aB
-------\Service_c0910
-------\Service_ccfF
-------\Service_e8d6
-------\Service_f2a16


((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 03:08 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{902CD5B1-C794-4854-B2DE-5581342BCF86}\mpengine.dll
2011-02-14 01:20 . 2011-02-03 01:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-11 23:55 . 2011-02-11 23:55 -------- d-----w- c:\program files\CleanUp!
2011-02-11 22:56 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-11 22:56 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 22:56 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-11 22:56 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-11 22:56 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-11 22:56 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-11 22:56 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-11 22:56 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 22:56 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-11 22:56 . 2011-02-11 22:56 -------- d-----w- c:\program files\Alwil Software
2011-02-11 22:56 . 2011-02-11 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-11 17:19 . 2011-02-11 17:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-11 17:02 . 2011-02-11 16:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-11 17:01 . 2011-02-11 17:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-11 16:31 . 2011-02-11 16:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-02-11 16:00 . 2011-02-11 16:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-11 15:59 . 2011-02-11 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-02-11 15:59 . 2011-02-11 15:59 -------- d-----w- c:\program files\Lavasoft
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\4.tmp
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\3.tmp
2011-02-11 06:02 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\2.tmp
2011-02-11 02:41 . 2011-02-12 04:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\61BC7F4A6A6F282185F3AF455855D4DD
2011-02-11 02:39 . 2011-02-11 02:39 -------- d-----w- C:\Adobe
2011-02-11 02:33 . 2011-02-11 02:33 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-11 02:32 . 2011-02-11 02:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-02-11 02:06 . 2011-02-11 02:06 -------- d-----w- c:\program files\Sophos
2011-02-11 02:03 . 2011-02-11 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-10 03:30 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-09 01:55 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-09 01:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-08 12:57 . 2011-02-10 03:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 09:24 . 2011-02-08 09:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-06 19:52 . 2011-02-10 03:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:59 . 2011-02-06 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 18:57 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\iaexcqxhv
2011-02-05 23:37 . 2011-02-10 03:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-04 02:39 . 2011-02-06 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-03 17:04 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 17:04 . 2011-02-06 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:04 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-11-19 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-03-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-03-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2003-03-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-12-09 09:43 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-03-31 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2003-03-31 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5240]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5658]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5951]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9436]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMO_V2_CDU680]
2007-10-03 01:56 316664 ----a-w- c:\program files\Franklin\CDU680DORA\Bin\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB5351]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7479]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8204]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB9085]
2003-03-31 12:00 50620 ----a-w- c:\windows\system32\command.com

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/11/2011 9:02 AM 64512]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/11/2011 2:56 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/11/2011 2:56 PM 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 1:05 AM 1405384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 8:22 PM 24652]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/19/2008 2:47 PM 128008]
S0 lcwopfwi;lcwopfwi; [x]
S1 MpKsl74c79d30;MpKsl74c79d30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{902CD5B1-C794-4854-B2DE-5581342BCF86}\MpKsl74c79d30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{902CD5B1-C794-4854-B2DE-5581342BCF86}\MpKsl74c79d30.sys [?]
S1 MpKsla8d6b2dd;MpKsla8d6b2dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0168AC8-F027-4029-BDB5-225D8E79AB83}\MpKsla8d6b2dd.sys [?]
S2 gupdate1ca4306ce17a000;Google Update Service (gupdate1ca4306ce17a000);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 6:19 PM 133104]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [11/6/2007 2:37 PM 87040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 1:05 AM 15232]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4.tmp [2/10/2011 10:02 PM 6144]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 3:57 PM 34576]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 16:55]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:19]

2007-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 22:52]

2011-02-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

2011-02-18 c:\windows\Tasks\User_Feed_Synchronization-{B32BDC43-908E-4273-AC79-C3687751E0A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pge.com\ra
.
- - - - ORPHANS REMOVED - - - -

BHO-{31c8dcc1-ec21-6caa-b880-4eb27c574ea7} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,05,36,34,15,5e,cb,48,94,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4836)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-02-18 14:44:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-18 22:44
ComboFix2.txt 2011-02-18 02:02
ComboFix3.txt 2011-02-11 05:03
ComboFix4.txt 2011-02-10 05:38
ComboFix5.txt 2011-02-18 22:20

Pre-Run: 12,640,768,000 bytes free
Post-Run: 12,667,650,048 bytes free

- - End Of File - - 7E5AF3151F9D16BCBA8B2CC503C75AAA

Edited by Glint, 18 February 2011 - 08:00 PM.




