Google searches redirected


  • This topic is locked
3 replies to this topic

#1 kenschurr

Posted 15 February 2011 - 04:08 PM

I have a virus/malware that is preventing me from doing Google searches. Whenever I select a topic I am directed to http//D6E0.R (yesterday it was http//317B.R). I am using Avira antivirus but it cannot find this virus. I have run RSIT and GMER and the files are listed below. Help is greatly appreciated, thank you.
Ken


info.txt logfile of random's system information tool 1.08 2011-02-15 15:57:11

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
-->MsiExec.exe /I{D6160F37-7638-4E56-9774-F3C88F30A4A9}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
AAA Map'n'Go 7.0-->C:\WINDOWS\IsUninst.exe -fC:\AAAMNG7\Mng7Uninst.isu
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis True Image Home-->MsiExec.exe /X{D1E0E859-F46D-4708-A41D-ED90C0C1822A}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AutoCAD LT 97-->C:\WINDOWS\acremen.exe ACLT-2454698:33482812
AutoCAD LT Learning Assistance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AutoCAD LT Learning Assistance\DeIsL1.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BP Diary-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\BpDiary\ST6UNST.LOG"
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Cars - Radiator Springs Adventures-->"C:\Program Files\THQ\Disney-PIXAR\Cars\Radiator Springs Adventures\Uninstall_Cars - Radiator Springs Adventures\Uninstall Cars - Radiator Springs Adventures.exe"
Cars-->C:\Program Files\THQ\Disney\Cars\_uninst\uninstaller.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chinese Simplified Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-900000000003}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Consolas Font Family-->MsiExec.exe /I{6AE22174-4FFA-4572-B692-31F0C386ED38}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
day-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{41c785ee-4002-4cb0-98a2-a12d62d97dba}.sdb"
DesignPro 5.0 Media Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDF1085A-73FF-4B3B-8726-2A403D400E48}
eBay Icon-->C:\Documents and Settings\Owner\Application Data\Desktopicon\uninst.exe
ECGViewer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\Intel 32\IDriver.exe /M{3706D57E-2417-471B-B157-83126C7A9F4D}
FTP Commander-->C:\Program Files\FTP Commander\uninstall.exe
Garmin Communicator Plugin-->MsiExec.exe /X{15F4085A-BC98-4590-AFFD-03BBBE49524E}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
Garmin WebUpdater-->MsiExec.exe /X{D17111CB-C992-42A9-9D56-C19395102AAA}
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Handy Backup-->MsiExec.exe /I{ECC7A630-E1CB-49D3-B089-EC18F106F905}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP DeskJet 895C Series (Remove only)-->C:\Program Files\HP DeskJet 895C Series\hpfiui.exe -c -vdivid=HPF -vpnum=15 -vproduct=895C -huninstall
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PhotoSmart Scanning Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP PhotoSmart\Uninst.isu" -c"C:\Program Files\HP PhotoSmart\S20 Scanner\Hpi_Uninst.dll
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Ipswitch WS_FTP Home 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
JascUpdate-->MsiExec.exe /I{4A6DDD86-DF01-4472-84BE-7A3D5719D1C9}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Legacy 7.4-->"C:\Legacy\UNWISE.EXE" /U "C:\Legacy\Install.log"
Legacy Charting 7.4-->"C:\Legacy\LegacyCharting7\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LIVESTRONG USB-->MsiExec.exe /I{9AF6CF31-86AD-4336-B4CC-14CE9B5CC2E3}
Media Add-ons for Acronis True Image Home 2009-->MsiExec.exe /X{8B961557-75BB-4336-8167-90267ED34267}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Flight Simulator X Service Pack 1-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{4847BBB9-EADD-4C92-90BF-4223B0892FF6}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\Intel 32\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Outlook 2003-->MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Picture It! 2000-->MsiExec.exe /I{E78FC917-C21B-11D2-99FE-00105A98B681}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar Setup-->MsiExec.exe /X{EB5142E6-7759-4A61-B52E-136686FF19FE}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OLYMPUS CAMEDIA Master 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06230E02-2B7E-11D2-92D0-0040051BD005}\setup.exe" -uninst
OneTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D521C206-C457-4AE3-A0E0-072D37E2A580}\Setup.exe" -l0x9
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quicken 2010-->MsiExec.exe /X{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Safe Returner version 1.27.9-->"C:\Program Files\Safe Returner\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Serif WebPlus X4 Bonus Content Pack-->MsiExec.exe /X{55485AA6-B3C8-4FEF-9A1E-09B7DE3DB589}
Serif WebPlus X4 Resources-->MsiExec.exe /I{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}
Serif WebPlus X4-->MsiExec.exe /I{9ADA45A0-8043-470A-8E8B-02EA7D95F896}
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SoftV92 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00
Spyware Doctor with AntiVirus 8.0-->C:\Program Files\PC Tools Security\unins000.exe /LOG
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Thomas & Friends - The Great Festival Adventure-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
Thomas & Friends - Trouble on the Tracks-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Thomas & Friends - Trouble on the Tracks\Uninst.isu"
Thomas New Line-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12230A4C-6902-4001-B606-48C6FC98B42A}\Setup.exe" -l0x9 -uninst
Thomas Saves the Day-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDE5437B-7DC2-4BB4-BECA-B5E7633259D0}\setup.exe" -l0x9 -uninst
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB2362765)-->"C:\WINDOWS\ie8updates\KB2362765-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB SM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77015BA0-BE4B-11D5-9268-006097A63005}\setup.exe" /UnInstall -L0x9
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\uc03i.inf
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visioneer PaperPort Viewer 5.0-->c:\ppviewer\UnInstlv.exe C:\WINDOWS\uninst.exe -fc:\ppviewer\DeIsL1.isu
VMN Toolbar-->C:\Program Files\vmntoolbar\uninstall.exe -uninstall -prompt
WebIQ Technology Engine-->C:\WINDOWS\system32\WebIQEngineSetup.exe u
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\grmnusb.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: AntiVir Desktop

======System event log======

Computer Name: OWNER-A84A2538A
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 406514
Source Name: Cdrom
Time Written: 20101130152644.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 406513
Source Name: Cdrom
Time Written: 20101130152641.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 406512
Source Name: Cdrom
Time Written: 20101130152637.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 406511
Source Name: Cdrom
Time Written: 20101130152634.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 406510
Source Name: Cdrom
Time Written: 20101130152627.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OWNER-A84A2538A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 44300
Source Name: crypt32
Time Written: 20110214180724.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 44299
Source Name: crypt32
Time Written: 20110214175723.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 44298
Source Name: crypt32
Time Written: 20110214174722.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 44297
Source Name: crypt32
Time Written: 20110214173721.000000-300
Event Type: error
User:

Computer Name: OWNER-A84A2538A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 44296
Source Name: crypt32
Time Written: 20110214172719.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Microsoft SQL Server\100\Tools\Binn;C:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Acronis\SnapAPI;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Acronis\SnapAPI\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-15 15:56:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 85 GB (56%) free of 153 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:06 PM, on 2/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100470.exe -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freeonlinegames.com/game/karate-kamil.html"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B7676E2-FDE8-4828-B6ED-B8FAE491F9B0}: NameServer = 93.188.163.125,93.188.160.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.125,93.188.160.75
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B7676E2-FDE8-4828-B6ED-B8FAE491F9B0}: NameServer = 93.188.163.125,93.188.160.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.125,93.188.160.75
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b5faf472115c) (gupdate1c9b5faf472115c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Novosoft Backup Network Coordinator (NovosoftBackupNetworkCoordinator) - Novosoft LLC - C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: SNDSrvc - Acronis - (no file)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O24 - Desktop Component 0: (no name) - http://adisney.go.com/disneypictures/cars/us/wallpapers/mcqueen_1024x768.jpg

--
End of file - 8773 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
SpywareBlock Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
VMN Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-02-14 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-18 5562368]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-18 86016]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-10-19 377320]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2010-12-01 1589208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-02-14 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100470.exe [2008-11-04 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-10-19 377320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-10-19 960640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
C:\Program Files\ATT-SST\McciTrayApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-01-10 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2007-10-30 16200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Registry Cleaner]
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup]
C:\Program Files\Novosoft\Handy Backup\hbagent.exe [2010-11-22 4782312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-10-19 4355576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-08 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NPFMntor"=2
"SAVScan"=3
"gusvc"=3
"GEARSecurity"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccEvtMgr"=2
"avg8wd"=2
"AntiVirService"=2
"AntiVirScheduler"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=145
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Documents and Settings\Owner\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-02-15 15:56:51 ----D---- C:\rsit
2011-02-14 13:15:33 ----D---- C:\Program Files\Trend Micro
2011-02-14 13:04:30 ----A---- C:\WINDOWS\system32\drivers\pctEFA.sys
2011-02-14 13:04:30 ----A---- C:\WINDOWS\system32\drivers\pctDS.sys
2011-02-14 13:04:29 ----A---- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-02-14 13:04:25 ----A---- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-02-14 13:04:25 ----A---- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-02-14 13:04:02 ----A---- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-02-14 13:03:32 ----D---- C:\Program Files\Common Files\PC Tools
2011-02-14 13:03:32 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-02-14 13:03:31 ----D---- C:\Program Files\PC Tools Security
2011-02-14 13:03:31 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools
2011-02-14 11:07:11 ----A---- C:\WINDOWS\reimage.ini
2011-02-14 10:56:48 ----D---- C:\Documents and Settings\All Users\Application Data\SafeReturner
2011-02-14 10:55:54 ----D---- C:\Program Files\Safe Returner
2011-02-13 14:22:14 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2011-02-13 12:15:01 ----HD---- C:\WINDOWS\PIF
2011-02-13 11:34:38 ----ASH---- C:\pagefile.sys
2011-02-13 11:27:29 ----A---- C:\WINNT32U.DLL
2011-02-13 11:27:29 ----A---- C:\WINNT32A.DLL
2011-02-13 11:27:29 ----A---- C:\WINNT32.EXE
2011-02-13 11:07:35 ----AH---- C:\BOOT.BAK
2011-02-13 11:07:20 ----RSHD---- C:\cmdcons
2011-02-13 11:07:20 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-02-13 11:07:18 ----D---- C:\WINDOWS\setup.pss
2011-02-10 14:25:28 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-02-10 14:25:26 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-02-10 14:25:26 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-02-10 14:25:26 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-02-10 14:25:26 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-02-10 14:25:25 ----D---- C:\Program Files\Avira
2011-02-10 14:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-02-07 10:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\SBT
2011-02-07 10:25:11 ----D---- C:\Program Files\Snapshot Viewer
2011-01-26 13:35:58 ----D---- C:\Program Files\Johnson Health Tech

======List of files/folders modified in the last 1 months======

2011-02-15 15:56:58 ----D---- C:\WINDOWS\Temp
2011-02-15 15:56:55 ----D---- C:\WINDOWS\Prefetch
2011-02-15 15:56:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-02-15 15:45:19 ----SHD---- C:\WINDOWS\Installer
2011-02-15 15:43:12 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-15 15:42:39 ----SD---- C:\WINDOWS\Tasks
2011-02-15 15:41:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-15 14:49:35 ----D---- C:\WINDOWS\system32
2011-02-14 14:48:03 ----D---- C:\WINDOWS\system32\NtmsData
2011-02-14 13:28:15 ----D---- C:\WINDOWS\Registration
2011-02-14 13:15:33 ----RD---- C:\Program Files
2011-02-14 13:15:33 ----HD---- C:\Config.Msi
2011-02-14 13:10:46 ----SHD---- C:\System Volume Information
2011-02-14 13:04:30 ----D---- C:\WINDOWS\system32\drivers
2011-02-14 13:04:02 ----D---- C:\WINDOWS\WinSxS
2011-02-14 13:03:32 ----D---- C:\Program Files\Common Files
2011-02-14 12:52:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2011-02-14 12:52:39 ----D---- C:\Program Files\Google
2011-02-14 11:47:52 ----AH---- C:\boot.ini
2011-02-14 11:47:52 ----AC---- C:\WINDOWS\win.ini
2011-02-14 11:47:52 ----AC---- C:\WINDOWS\system.ini
2011-02-14 11:39:45 ----D---- C:\WINDOWS
2011-02-14 11:01:54 ----D---- C:\WINDOWS\Debug
2011-02-13 12:01:38 ----D---- C:\WINDOWS\network diagnostic
2011-02-12 11:19:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-12 11:16:58 ----HD---- C:\WINDOWS\inf
2011-02-10 13:35:07 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2011-02-09 10:08:03 ----D---- C:\Program Files\Internet Explorer
2011-02-09 10:02:29 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-02-09 10:01:57 ----D---- C:\WINDOWS\ie8updates
2011-02-09 10:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-08 13:30:43 ----D---- C:\Documents and Settings\Owner\Application Data\GARMIN
2011-02-07 10:27:35 ----AC---- C:\WINDOWS\ODBC.INI
2011-02-07 10:26:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-07 10:25:41 ----D---- C:\Program Files\Microsoft Office
2011-02-07 10:25:12 ----D---- C:\Program Files\Common Files\System
2011-02-07 10:24:25 ----D---- C:\WINDOWS\system
2011-02-07 10:24:25 ----D---- C:\WINDOWS\msapps
2011-02-07 10:24:25 ----D---- C:\Program Files\microsoft frontpage
2011-01-31 10:40:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-01-26 14:23:09 ----D---- C:\WINDOWS\Microsoft.NET
2011-01-26 14:23:08 ----RSD---- C:\WINDOWS\assembly
2011-01-26 13:34:11 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-26 13:30:04 ----D---- C:\WINDOWS\system32\en-US
2011-01-26 13:29:57 ----D---- C:\Program Files\Microsoft.NET
2011-01-21 09:44:37 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 09:44:37 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 iomdisk;Iomega Devices Disk Filter Services; C:\WINDOWS\System32\DRIVERS\iomdisk.sys [2002-07-31 30258]
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2010-11-25 239168]
R0 pctDS;PC Tools Data Store; C:\WINDOWS\system32\drivers\pctDS.sys [2010-07-16 338880]
R0 pctEFA;PC Tools Extended File Attributes; C:\WINDOWS\system32\drivers\pctEFA.sys [2010-07-16 656320]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2008-04-10 44944]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-06-01 156928]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\WINDOWS\system32\DRIVERS\tdrpm251.sys [2010-06-01 902432]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-06-01 570016]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-07-06 60672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-01-10 61960]
R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2002-01-24 13545]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-09-12 44704]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-10-04 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-10-04 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-10-04 21744]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-18 3455360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 SymEvent;SymEvent; C:\WINDOWS\system32\drivers\SymEvent.sys [2006-01-31 123248]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\USBSCAN.SYS [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-10-09 203648]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S2 HPFECP15;HPFECP15; C:\WINDOWS\System32\drivers\HPFECP15.SYS [1998-09-04 52800]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Owner\Desktop\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 RegKernelHelp;RegKernelHelp; \??\C:\Program Files\Safe Returner\RegKernelHelp.sys []
S3 SaiH040C;SaiH040C; C:\WINDOWS\system32\DRIVERS\SaiH040C.sys [2005-07-07 173568]
S3 SaiU040C;SaiU040C; C:\WINDOWS\system32\DRIVERS\SaiU040C.sys [2005-07-07 26496]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060322.078\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-10-19 619016]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-07-31 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 mstbsvc;MSN Toolbar Setup; C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe [2009-02-09 104784]
R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator; C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe [2010-11-22 31976]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-18 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Security\pctsSvc.exe [2010-11-19 1150936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b5faf472115c;Google Update Service (gupdate1c9b5faf472115c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-14 194104]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]

-----------------EOF-----------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-14 20:38:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJB-00J3A0 rev.01.03E01
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwrdakoc.sys


---- System - GMER 1.0.15 ----

SSDT 89923FC0 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EEB6FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EC9F68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ECA230]
SSDT BA734DFC ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EEC0B4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EEC43E]
SSDT BA734E1A ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EEA938]
SSDT BA734DE8 ZwOpenProcess
SSDT BA734DED ZwOpenThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EEC982]
SSDT BA734E24 ZwReplaceKey
SSDT BA734E1F ZwRestoreKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EEBAB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9EC99D8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 256C 80501DA4 4 Bytes CALL E70A90F6

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01F80001
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[384] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\WINDOWS\explorer.exe[384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01370001
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007B0001
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1040] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\csrss.exe[1040] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02D90001
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1044] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9D, 71]
.text C:\WINDOWS\System32\alg.exe[1044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01610001
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\PROGRA~1\Iomega\System32\AppServices.exe[1168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Office\Office\WINWORD.EXE[1260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[1348] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\dllhost.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 026F0001
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00570001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012C0001
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00780001
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014B0001
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\Program Files\PC Tools Security\pctsGui.exe[1900] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BB9D C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools)
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1920] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\Explorer.EXE[1992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02BC0001
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe[2136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\Program Files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe[2160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AE0001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\nvsvc32.exe[2424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00780001
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\HPZipm12.exe[2464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\PSIService.exe[2508] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\PSIService.exe[2508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 00810001
.text C:\WINDOWS\system32\PSIService.exe[2508] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [84]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A3, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A0, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 061C0001
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2636] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[2928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Outlook Express\msimn.exe[3104] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\Program Files\Outlook Express\msimn.exe[3104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02460001
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\PROGRA~1\WINZIP\winzip32.exe[3328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\msdtc.exe[3536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\msdtc.exe[3536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00860001
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Documents and Settings\Owner\My Computer\GMER\gmer.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003B0001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3900] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs SymEvent.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat SymEvent.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{729CD5EE-CFD4-2598-E99D0DF7791A50E3}\{F8FFDD05-44DF-5042-E601749BEB85FEB7}\{D29FFC2E-79FD-DC28-524A63CA31F9404E}
Reg HKLM\SOFTWARE\Classes\CLSID\{729CD5EE-CFD4-2598-E99D0DF7791A50E3}\{F8FFDD05-44DF-5042-E601749BEB85FEB7}\{D29FFC2E-79FD-DC28-524A63CA31F9404E}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}
Reg HKLM\SOFTWARE\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temp\~DF8A98.tmp 512 bytes

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:32 PM

Posted 20 February 2011 - 01:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 23 February 2011 - 08:57 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

Posted 26 February 2011 - 01:13 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
