
Need Help Resolving Anti-Virus Notification


  • This topic is locked
20 replies to this topic

#1 dr.tikitimes

dr.tikitimes

  • Members
  • 12 posts

Posted 22 January 2012 - 03:54 PM

I am trying to resolve an issue with a friend's PC.
Avast! Free gives the following errors when opening various webpages.
I cannot create this problem on other computers.
Windows 7 32bit
System is current with Windows Updates and Anti-Virus updates.

Avast! Warning:
Malicious URL Blocked
avast! Network Shield has blocked a harmful site.

Object http:/...?msnhomepagehistory.aspx?sid=C6CBB31F7C
Infection: URLMal
Process: C:\Program Files\Internet Explorer\iexplore.exe

Infection Details

URL: http://www.bing.com/sck?cn
Process: file//C:\Users\Tom\AppData\Local\Google...
Infection: al

Here are SUPERAntispyware Paid version and HijackThis Logs:
Your Help Would Be Greatly Appreciated.
Thank you in advance.






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2012 at 11:00 AM

Application Version : 5.0.1142

Core Rules Database Version : 8153
Trace Rules Database Version: 5965

Scan type : Complete Scan
Total Scan Time : 00:27:37

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 719
Memory threats detected : 0
Registry items scanned : 23842
Registry threats detected : 0
File items scanned : 36094
File threats detected : 4

Adware.Tracking Cookie
.atdmt.com [ C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:25:11 PM, on 1/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
K:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iYogi Support Dock] "C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} (IPCamera Class) - http://65.114.219.122:8150/cab/ipcamera.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SDiManage - Unknown owner - C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe
O23 - Service: Support Dock Service (SupportDockService.exe) - iYogi Technical Services - C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe

--
End of file - 8880 bytes


Note: HijackThis gave this Warning in the scanning process:

"Your Hosts file has invalid linebreaks and HijackThis is unable to fix this. ) items will not be displayed.
Click OK to continue the rest of the scan."
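The HijackThis log above is a fixed, line-oriented format: every entry starts with a section code (R0/R1 for browser start and search pages, O2 for BHOs, O4 for Run keys, O10 for Winsock LSPs, O16 for ActiveX DPF downloads, O23 for services), followed by ` - ` separated fields. The following is an editor-added Python example, not code from the thread, from BleepingComputer or from Trend Micro HijackThis: it parses a saved log into entries and applies a handful of triage heuristics a helper would check by eye (an O2 BHO whose DLL is missing, an O10 LSP HijackThis does not recognise, an O16 .cab fetched from a bare IP address, an O23 service with "Unknown owner"). The sample lines are a subset copied from the posted log; the heuristic names and the `Entry` structure are mine, and the hints are prompts to verify an entry, not malware verdicts.

```python
"""Parse a HijackThis v2 logfile and apply a few review heuristics.

Editor-added example; not code from the thread, from BleepingComputer or
from Trend Micro HijackThis. The sample lines below are a subset copied
from the log posted above, so the parser runs offline on realistic input.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlparse

# Inline sample input: a subset of the posted log (constructed here).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:25:11 PM, on 1/21/2012

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} (IPCamera Class) - http://65.114.219.122:8150/cab/ipcamera.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: SDiManage - Unknown owner - C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 8880 bytes
"""

# Every HijackThis entry starts with a section code (R0, R1, F1, O2 ... O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def _host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is a bare IPv4/IPv6 address rather than a name."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(entry: Entry) -> list:
    """Per-section review hints (editor's heuristics): prompts for a human, not verdicts."""
    flags = []
    if entry.section == "O2" and entry.body.endswith("(no file)"):
        flags.append("BHO CLSID registered but its DLL is missing (orphaned entry)")
    if entry.section == "O10":
        flags.append("Winsock LSP DLL not in HijackThis's known list; verify its publisher")
    if entry.section == "O16":
        url = entry.body.rsplit(" - ", 1)[-1]  # last field of a DPF line is the .cab URL
        if _host_is_ip_literal(url):
            flags.append("ActiveX .cab served from a bare IP address, not a vendor hostname")
    if entry.section == "O23" and " - Unknown owner - " in entry.body:
        flags.append("service binary with no recorded publisher")
    return flags


def parse_hjt(text: str) -> list:
    """Return one Entry per section line; header, footer and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue
        entry = Entry(match["section"], match["body"])
        entry.flags = triage(entry)
        entries.append(entry)
    return entries


def section_counts(entries: list) -> dict:
    """Count entries per section code, e.g. {'O2': 2, 'O4': 1, ...}."""
    counts: dict = {}
    for entry in entries:
        counts[entry.section] = counts.get(entry.section, 0) + 1
    return counts


def flagged(entries: list) -> list:
    """Only the entries that picked up at least one review hint."""
    return [entry for entry in entries if entry.flags]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for entry in flagged(parsed):
        print(f"[{entry.section}] {entry.body}")
        for hint in entry.flags:
            print("    ->", hint)
```

Run it against a full saved HijackThis log by reading the file into `parse_hjt` instead of `SAMPLE_LOG`. On the subset above the four hints land on the "(no file)" O2 entry, the O10 LSP, the O16 IPCamera .cab and the O23 SDiManage service, which is exactly the set a helper would ask the poster to account for before deciding anything.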


#2 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts

Posted 25 January 2012 - 06:51 PM

Did I do something wrong? I am new to this forum. Not bumping. Please advise.

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 28 January 2012 - 07:55 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#4 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts

Posted 30 January 2012 - 02:45 PM

Thank you for your patience with me. I am new to this and am trying to follow instructions.

Here are the requested logs:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-28 13:30:38
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005e WDC_WD50 rev.12.0
Running: dvmnz0ov.exe; Driver: C:\Users\Tom\AppData\Local\Temp\uwldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E81CFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8ED05510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E81F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E81F4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E81F5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E81F3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E81F4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E81F400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E81F572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E81CFE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8ED055C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E81CDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E81D00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E81F9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E81DAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E81F486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E81F4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E81F5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E81F3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E81F53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E81F42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E81F59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8ED05658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E81D96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E81D030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E81D054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E81CE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E81CF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E81CF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E81CF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E81D078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8ED197A2]
Code 8FD28BFC ZwTraceEvent
Code 8FD28BFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C93369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CCCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CD3D80 4 Bytes [C4, CF, 81, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CD3DA8 4 Bytes [10, 55, D0, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CD3E5C 8 Bytes [56, F4, 81, 8E, AE, F4, 81, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CD3E68 4 Bytes JMP 81F5C482
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CD3E84 4 Bytes [AC, F3, 81, 8E]
.text ...
.text ntkrnlpa.exe!NtTraceEvent 82D1C67A 3 Bytes JMP 8FD28C00
.text ntkrnlpa.exe!NtTraceEvent + 4 82D1C67E 1 Byte [0D]
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E60BE8 5 Bytes JMP 8ED1669C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E791D0 5 Bytes JMP 8ED18174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E8E317 4 Bytes CALL 8E81E025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E93985 5 Bytes JMP 8FD28D40
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82EA7FC9 5 Bytes JMP 8FD28DE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EA80E9 4 Bytes CALL 8E81E03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestPort + 2 82ED64F7 5 Bytes JMP 8FD28CA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F31F30 7 Bytes JMP 8ED197A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFntCacheLookUp + 8B0E 964A01E5 5 Bytes JMP 8E81FF90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 3819 964B42B2 5 Bytes JMP 8E8200D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 4C63 964D54EF 5 Bytes JMP 8FD285C0
.text win32k.sys!EngMapFontFileFD + 650 964F6385 5 Bytes JMP 8FD28980
.text win32k.sys!EngMapFontFileFD + 38FE 964F9633 5 Bytes JMP 8FD288E0
.text win32k.sys!EngMapFontFileFD + 39BC 964F96F1 5 Bytes JMP 8FD28A20
.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EF5 964FDD77 5 Bytes JMP 8E81FFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2AB5 96507748 5 Bytes JMP 8E81FDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 903F 9650DCD2 5 Bytes JMP 8FD28520
.text win32k.sys!EngUnmapFontFileFD + AC45 9650F8D8 5 Bytes JMP 8FD28660
.text win32k.sys!EngUnmapFontFileFD + 1EC65 965238F8 5 Bytes JMP 8FD28700
.text win32k.sys!EngBitBlt + 1BDF 9653C4A6 5 Bytes JMP 8FD283E0
.text win32k.sys!EngBitBlt + 2404 9653CCCB 5 Bytes JMP 8FD28480
.text win32k.sys!EngDeleteClip + 480C 96566C60 5 Bytes JMP 8FD28AC0
.text win32k.sys!EngEqualRgn + 414D 96574B97 5 Bytes JMP 8E81FD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteRgn + 2198 96592B8F 5 Bytes JMP 8E81FD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 3457 965CC240 5 Bytes JMP 8FD28840
.text win32k.sys!PATHOBJ_vGetBounds + 968D 965D2476 5 Bytes JMP 8FD287A0
.text win32k.sys!EngCTGetCurrentGamma + 3116 965DDBF9 5 Bytes JMP 8FD28B60
? C:\Users\Tom\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[216] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[512] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[512] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[512] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[512] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[512] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[512] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[512] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[512] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[536] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[536] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[536] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[536] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[536] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[536] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[536] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[536] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\csrss.exe[624] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[912] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000703FC
.text C:\Windows\system32\wininit.exe[912] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000701F8
.text C:\Windows\system32\wininit.exe[912] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[912] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wininit.exe[912] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wininit.exe[912] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wininit.exe[912] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wininit.exe[912] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\csrss.exe[924] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[968] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[968] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[968] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[968] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[968] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[968] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[968] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[968] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\services.exe[1012] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[1012] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[1036] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[1036] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[1036] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[1036] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\lsass.exe[1036] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\lsass.exe[1036] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\lsass.exe[1036] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\lsass.exe[1036] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\lsm.exe[1044] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[1044] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[1044] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1212] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[1212] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[1212] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1212] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[1212] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[1212] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[1212] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[1212] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1256] user32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00210A08
.text C:\Windows\system32\svchost.exe[1256] user32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 002103FC
.text C:\Windows\system32\SearchIndexer.exe[5620] ntdll.dll!LdrUnloadDll 7740C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\SearchIndexer.exe[5620] ntdll.dll!LdrLoadDll 7741223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\SearchIndexer.exe[5620] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5620] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00240A08
.text C:\Windows\system32\SearchIndexer.exe[5620] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 002403FC
.text C:\Windows\system32\SearchIndexer.exe[5620] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00240804
.text C:\Windows\system32\SearchIndexer.exe[5620] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 002401F8
.text C:\Windows\system32\SearchIndexer.exe[5620] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00240600
.text C:\Windows\system32\NOTEPAD.EXE[5676] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]
.text K:\Wright\dvmnz0ov.exe[6176] kernel32.dll!GetBinaryTypeW + 70 75DF69F4 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74162437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74145600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741456BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741624B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74158514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74154CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7415506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74155144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74156671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7415826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741587BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7415901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7415E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74154BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5596] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r26 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 9216 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{904efb49-49cd-11e1-8a7a-001aa05c9fb6}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{904efb49-49cd-11e1-8a7a-001aa05c9fb6}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{904efb49-49cd-11e1-8a7a-001aa05c9fb6}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 1/28/2012 1:33:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 25.69% Memory free
7.94 Gb Paging File | 6.23 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): C:\pagefile.sys 6144 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 411.88 Gb Free Space | 90.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.66% Space Free | Partition Type: NTFS
Drive J: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 1.91 Gb Total Space | 1.90 Gb Free Space | 99.48% Space Free | Partition Type: FAT

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 13:31:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Downloads\OTL (1).exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 18:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/03 17:04:06 | 000,047,104 | ---- | M] (Induslogic) -- C:\Program Files\iYogi\SDiManage\Monitor.GetSnmpInfo.Agent.exe
PRC - [2011/11/03 17:03:58 | 000,028,400 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\Monitor.Event.Agent.exe
PRC - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
PRC - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 08:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/17 16:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/28 10:32:33 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/28 10:32:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/16 21:21:19 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/16 21:21:19 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe -- (SDiManage)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) [Auto | Running] -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe -- (SupportDockService.exe)
SRV - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/04/19 11:11:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/08 22:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/02/11 15:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2011/01/12 08:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/21 13:54:50 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/04/21 13:54:45 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/04/21 13:54:42 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/21 13:54:32 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 02:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 E1 23 08 66 14 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/02/05 14:04:18 | 000,001,992 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 69.10.57.34 google.com
O1 - Hosts: 69.10.57.34 google.com.au
O1 - Hosts: 69.10.57.34 www.google.com.au
O1 - Hosts: 69.10.57.34 google.be
O1 - Hosts: 69.10.57.34 www.google.be
O1 - Hosts: 69.10.57.34 google.com.br
O1 - Hosts: 69.10.57.34 www.google.com.br
O1 - Hosts: 69.10.57.34 google.ca
O1 - Hosts: 69.10.57.34 www.google.ca
O1 - Hosts: 69.10.57.34 google.ch
O1 - Hosts: 69.10.57.34 www.google.ch
O1 - Hosts: 69.10.57.34 google.de
O1 - Hosts: 69.10.57.34 www.google.de
O1 - Hosts: 69.10.57.34 google.dk
O1 - Hosts: 69.10.57.34 www.google.dk
O1 - Hosts: 69.10.57.34 google.fr
O1 - Hosts: 69.10.57.34 www.google.fr
O1 - Hosts: 69.10.57.34 google.ie
O1 - Hosts: 69.10.57.34 www.google.ie
O1 - Hosts: 69.10.57.34 google.it
O1 - Hosts: 69.10.57.34 www.google.it
O1 - Hosts: 69.10.57.34 google.co.jp
O1 - Hosts: 69.10.57.34 www.google.co.jp
O1 - Hosts: 69.10.57.34 google.nl
O1 - Hosts: 69.10.57.34 www.google.nl
O1 - Hosts: 21 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iYogi Support Dock] C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://65.114.219.122:8150/cab/ipcamera.cab (IPCamera Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.147.8.7 63.147.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54100609-3E8D-4F88-95B9-5D28BABF4F9B}: DhcpNameServer = 63.147.8.7 63.147.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 14:03:59 | 000,000,277 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006/12/07 12:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006/12/07 12:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006/12/07 12:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006/12/07 12:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006/12/07 12:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Bing Bar - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MSC - hkey= - key= - File not found
MsConfig - StartUpReg: OpAgent - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/28 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Wright
[2012/01/24 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/24 12:55:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/24 12:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/01/23 09:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/21 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Doug
[2012/01/16 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/16 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 18:51:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/14 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\.zenmap
[2012/01/11 16:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/11 16:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2012/01/11 16:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi
[2012/01/11 16:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\iYogi
[2012/01/11 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iYogi Support Dock
[2012/01/11 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi Support Dock
[2012/01/11 16:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/11 16:16:59 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/11 16:16:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/11 16:16:55 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/11 16:16:54 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/11 16:16:53 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/11 16:16:52 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/11 16:16:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/11 16:16:39 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/11 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/11 14:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartPCScan
[2012/01/11 14:16:13 | 006,010,096 | ---- | C] (iYogi) -- C:\Users\Tom\Desktop\PCDiagnostics.exe
[2012/01/06 13:37:19 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\StnCnyn12-30-11_files
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 13:14:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 13:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2012/01/28 13:04:05 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/28 13:04:05 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/28 12:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000UA.job
[2012/01/28 11:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task adf4e81a-7887-4abe-aa56-0b13edb7a386.job
[2012/01/28 10:40:58 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 10:40:58 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 10:32:21 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/28 10:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 10:31:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/01/28 10:31:49 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/28 08:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 173d68dc-fda7-40c9-a9f0-aea1181dd8d5.job
[2012/01/28 07:57:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000Core.job
[2012/01/24 12:55:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:56:04 | 000,077,891 | ---- | M] () -- C:\Users\Tom\Documents\Capture1.PNG
[2012/01/24 11:18:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 21:20:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/16 18:51:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 16:09:04 | 000,412,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:21:15 | 000,001,107 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/11 16:21:42 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 16:16:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/11 15:42:48 | 000,000,104 | ---- | M] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | M] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | M] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | M] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | M] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | M] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | M] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | M] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | M] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | M] () -- C:\Windows\__fr.gif
[2012/01/11 08:33:17 | 006,010,096 | ---- | M] (iYogi) -- C:\Users\Tom\Desktop\PCDiagnostics.exe
[2012/01/06 13:37:19 | 000,052,522 | ---- | M] () -- C:\Users\Tom\Documents\StnCnyn12-30-11.htm
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/28 13:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2012/01/24 12:55:54 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:56:03 | 000,077,891 | ---- | C] () -- C:\Users\Tom\Documents\Capture1.PNG
[2012/01/24 11:18:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 21:21:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task adf4e81a-7887-4abe-aa56-0b13edb7a386.job
[2012/01/16 21:21:11 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 173d68dc-fda7-40c9-a9f0-aea1181dd8d5.job
[2012/01/16 21:20:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/16 18:51:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 16:21:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 15:42:48 | 000,000,104 | ---- | C] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | C] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | C] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | C] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | C] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | C] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | C] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | C] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | C] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | C] () -- C:\Windows\__fr.gif
[2012/01/06 13:37:19 | 000,052,522 | ---- | C] () -- C:\Users\Tom\Documents\StnCnyn12-30-11.htm
[2011/06/04 17:14:59 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/01 13:55:46 | 000,038,428 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/31 09:23:19 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/31 09:22:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/20 16:18:56 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/19 15:03:12 | 000,001,664 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/02/11 15:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/04/18 19:56:06 | 000,221,427 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/18 19:56:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/10/07 07:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,412,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/18 13:47:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Acronis
[2011/10/05 07:55:27 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Artweaver
[2010/10/18 10:41:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Barnes & Noble
[2011/03/18 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canneverbe Limited
[2010/08/09 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DriverCure
[2010/06/04 05:48:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Foxit Software
[2011/08/24 13:41:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Hyoco
[2010/07/04 10:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech
[2010/04/21 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nuance
[2010/04/21 12:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ScanSoft
[2010/04/21 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Zeon
[2011/11/12 07:09:42 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/28 08:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 173d68dc-fda7-40c9-a9f0-aea1181dd8d5.job
[2012/01/28 11:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task adf4e81a-7887-4abe-aa56-0b13edb7a386.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 06:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/04/17 13:31:30 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/28 10:31:49 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/28 10:31:53 | 2147,483,647 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 19:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
[2009/07/13 19:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 06:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/11/23 22:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/13 22:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/15 08:55:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/15 08:55:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/15 08:55:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/15 08:55:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/15 08:55:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< End of report >

Again thanks for the support.

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 PM

Posted 30 January 2012 - 06:06 PM

Hello, dr.tikitimes.

You did everything correctly and I do see an infected HOSTS file. That will redirect you if you go to google. Is the homepage set to google? The redirect could be why Avast is blocking the new site. It's easy to fix.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    MsConfig - StartUpReg: Bing Bar - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
    MsConfig - StartUpReg: MSC - hkey= - key= - File not found
    MsConfig - StartUpReg: OpAgent - hkey= - key= - File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • A report will open, copy and paste it in a reply here.



Step 2


I see you have SUPERAntiSpyware (SAS) and Malwarebytes' Anti-Malware (MBAM). Make sure you only have ONE of these running in real time protection mode. If both are, they'll conflict. For now, it appears you're set up fine as I only saw SAS running in the process list. Please update SAS's definitions then run a scan and post the resulting log here.

Also, after a reboot, let me know if you are getting those warnings from Avast.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
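The HOSTS-file redirect described in this post (a well-known domain such as google.com mapped to an attacker-chosen address, which is what makes Avast flag the "new" site) can be spotted before running a fix. The script below is an added example for this thread, not part of OTL or of the helper's instructions: it parses HOSTS content and reports watched domains that are either redirected to a non-local address or silently blocked by pointing at loopback. The sample HOSTS text, the watch list of domains and the 203.0.113.45 address are constructed for the example; a real check would read C:\Windows\System32\drivers\etc\hosts.

```python
"""Flag suspicious entries in a Windows HOSTS file (detection only, no changes made)."""
import ipaddress

# Sample HOSTS content, constructed for this example; not taken from the thread's log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example-tracker.test
203.0.113.45   www.google.com
203.0.113.45   google.com
203.0.113.45   www.bing.com
127.0.0.1  www.superantispyware.com
"""

# Domains an analyst would not expect to see remapped in HOSTS (assumed watch list;
# search engines, Windows Update and the AV vendors present on the machine).
WATCHED_DOMAINS = {
    "google.com", "bing.com", "microsoft.com", "windowsupdate.com",
    "avast.com", "superantispyware.com", "malwarebytes.org",
}

# Addresses that make a hostname unreachable rather than redirecting it.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blank and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)           # skip lines whose first token is not an IP
        except ValueError:
            continue
        for host in parts[1:]:                 # one IP may be followed by several names
            entries.append((ip, host.lower()))
    return entries


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return (hostname, ip, kind) for watched domains present in HOSTS.

    kind is "redirect" when the name resolves to a non-local address (the
    case in this thread) and "blocked" when it is pinned to loopback/0.0.0.0,
    a common way to stop AV and update sites from being reached.
    """
    findings = []
    for ip, host in parse_hosts(text):
        if not is_watched(host):
            continue
        kind = "blocked" if ip in LOCAL_ADDRESSES else "redirect"
        findings.append((host, ip, kind))
    return findings


if __name__ == "__main__":
    for host, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:8s} {host} -> {ip}")
```

On a clean Windows 7 system the active (non-comment) part of the file is at most the two localhost lines, so a HOSTS file with 20-odd extra entries, as the OTL log's "21 more lines" indicates, is itself a signal worth checking even before looking at the individual mappings. The script only reports; OTL's [RESETHOSTS] command in the fix above is what restores the default file.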
 


#6 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 31 January 2012 - 12:25 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/31/2012 at 11:07 AM

Application Version : 5.0.1142

Core Rules Database Version : 8183
Trace Rules Database Version: 5995

Scan type : Complete Scan
Total Scan Time : 00:25:48

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 23071
Registry threats detected : 0
File items scanned : 34789
File threats detected : 0

#7 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 31 January 2012 - 01:08 PM

Still having same warnings from Avast!

Oddly, I have Avast!, Chrome, IE9, SAS, etc. on many computers and it only happens on this particular machine.

Attached Files



#8 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 31 January 2012 - 03:17 PM

Sorry, my bad.
I followed your instructions again (explicitly) and now the problem does not occur with Avast! Still have some problems with Windows 7.
But that may be a residual of malware removal/damage. Would you suggest a Windows repair installation?
I am very grateful for your help and patience.

#9 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 31 January 2012 - 03:52 PM

OTL logfile created on: 1/31/2012 1:11:03 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Documents
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.18% Memory free
7.94 Gb Paging File | 6.79 Gb Available in Paging File | 85.51% Paging File free
Paging file location(s): C:\pagefile.sys 6144 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 413.68 Gb Free Space | 90.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.66% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\Tom\My Documents\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 18:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/03 17:03:58 | 000,028,400 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\Monitor.Event.Agent.exe
PRC - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
PRC - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 08:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/17 16:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/31 13:06:12 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/31 13:06:12 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/16 21:21:19 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/16 21:21:19 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe -- (SDiManage)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) [Auto | Running] -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe -- (SupportDockService.exe)
SRV - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/04/19 11:11:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/08 22:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/02/11 15:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2011/01/12 08:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/21 13:54:50 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/04/21 13:54:45 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/04/21 13:54:42 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/21 13:54:32 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 02:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 E1 23 08 66 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/31 13:03:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iYogi Support Dock] C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://65.114.219.122:8150/cab/ipcamera.cab (IPCamera Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.147.8.7 63.147.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54100609-3E8D-4F88-95B9-5D28BABF4F9B}: DhcpNameServer = 63.147.8.7 63.147.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 13:03:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/31 12:55:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Documents\OTL.exe
[2012/01/28 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Wright
[2012/01/24 20:40:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/24 20:40:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/24 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/24 12:55:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/24 12:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/01/23 09:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/21 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Doug
[2012/01/16 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/16 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 18:51:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/14 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\.zenmap
[2012/01/11 16:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/11 16:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2012/01/11 16:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi
[2012/01/11 16:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\iYogi
[2012/01/11 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iYogi Support Dock
[2012/01/11 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi Support Dock
[2012/01/11 16:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/11 16:16:59 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/11 16:16:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/11 16:16:55 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/11 16:16:54 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/11 16:16:53 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/11 16:16:52 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/11 16:16:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/11 16:16:39 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/11 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/11 14:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartPCScan
[2012/01/11 14:16:13 | 006,010,096 | ---- | C] (iYogi) -- C:\Users\Tom\Desktop\PCDiagnostics.exe
[2012/01/11 13:05:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 13:05:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 13:05:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/06 13:37:19 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\StnCnyn12-30-11_files

========== Files - Modified Within 30 Days ==========

[2012/01/31 13:14:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/31 13:13:08 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 13:13:08 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 13:10:12 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/31 13:10:12 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/31 13:05:50 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 13:05:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/01/31 13:05:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 13:05:38 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/31 13:03:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/31 12:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000UA.job
[2012/01/31 12:54:00 | 000,584,931 | ---- | M] () -- C:\Users\Tom\Documents\OTL.7z
[2012/01/31 12:21:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Documents\OTL.exe
[2012/01/31 11:09:10 | 000,035,305 | ---- | M] () -- C:\Users\Tom\Documents\Capture1-31-12.PNG
[2012/01/28 13:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2012/01/28 07:57:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000Core.job
[2012/01/24 12:55:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:56:04 | 000,077,891 | ---- | M] () -- C:\Users\Tom\Documents\Capture1.PNG
[2012/01/24 11:18:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/17 12:15:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/01/16 21:20:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/16 18:51:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 16:09:04 | 000,412,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:21:15 | 000,001,107 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/11 16:21:42 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 16:16:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/11 15:42:48 | 000,000,104 | ---- | M] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | M] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | M] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | M] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | M] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | M] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | M] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | M] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | M] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | M] () -- C:\Windows\__fr.gif
[2012/01/11 08:33:17 | 006,010,096 | ---- | M] (iYogi) -- C:\Users\Tom\Desktop\PCDiagnostics.exe
[2012/01/06 13:37:19 | 000,052,522 | ---- | M] () -- C:\Users\Tom\Documents\StnCnyn12-30-11.htm

========== Files Created - No Company Name ==========

[2012/01/31 12:54:00 | 000,584,931 | ---- | C] () -- C:\Users\Tom\Documents\OTL.7z
[2012/01/31 11:09:09 | 000,035,305 | ---- | C] () -- C:\Users\Tom\Documents\Capture1-31-12.PNG
[2012/01/28 13:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2012/01/24 12:55:54 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:56:03 | 000,077,891 | ---- | C] () -- C:\Users\Tom\Documents\Capture1.PNG
[2012/01/24 11:18:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 21:20:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/16 18:51:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 16:21:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 15:42:48 | 000,000,104 | ---- | C] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | C] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | C] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | C] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | C] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | C] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | C] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | C] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | C] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | C] () -- C:\Windows\__fr.gif
[2012/01/06 13:37:19 | 000,052,522 | ---- | C] () -- C:\Users\Tom\Documents\StnCnyn12-30-11.htm
[2011/06/04 17:14:59 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/01 13:55:46 | 000,038,428 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/31 09:23:19 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/31 09:22:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/20 16:18:56 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/19 15:03:12 | 000,001,664 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/02/11 15:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/04/18 19:56:06 | 000,221,427 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/18 19:56:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/10/07 07:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,412,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:08:11 PM

Posted 01 February 2012 - 06:48 AM

Looking better. As for the repair install...it depends. What are the other issues you're having?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:11 PM

Posted 03 February 2012 - 06:02 PM

Well, no. I was able to restore links to Accessories/System Tools and a few other missing items, so I am satisfied with the system.
With your blessing I will ask for this topic to be closed.
I compliment your dedication and altruism in helping those of us who are lost at sea.
Thank you, and this forum.

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:08:11 PM

Posted 04 February 2012 - 07:50 AM

Hello, dr.tikitimes.

We still have work to do to finish the cleanup.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 30, 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version shown below:
    Java 6 Update 26
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report:
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • A report will open; copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button to launch the online scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the link to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option to remove found threats.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the button that lists the found threats.
  • Push the export-to-text button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
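A check to run after Step 1 above, added here as an example and not part of etavares' post or the original thread: this PowerShell snippet lists Java entries from the Windows Uninstall registry keys (the same items Add/Remove Programs shows) and the browser plugin registrations that OTL reports under FF - HKLM\Software\MozillaPlugins, so you can confirm that only the current JRE remains and that no plugin entry still points at a removed version. The registry paths are the standard Windows locations; the WOW6432Node path exists only on 64-bit Windows and is skipped silently on a 32-bit system like the one in this thread.

```powershell
# Added example, not from the original thread: confirm that older Java runtimes
# are gone after the Step 1 uninstall and that no browser plugin registration
# still points at a removed JRE directory.

# Uninstall entries. The WOW6432Node view exists only on 64-bit Windows; on a
# 32-bit system the missing path is skipped by -ErrorAction SilentlyContinue.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString |
    Sort-Object DisplayVersion

"Installed Java entries (expect one current JRE, plus the 64-bit one if you installed it):"
$javaInstalls | Format-Table -AutoSize

# Plugin registrations, e.g. the @java.com/JavaPlugin key OTL lists. Firefox and
# Chrome load the DLL named in the Path value, so a stale key keeps an old plugin
# reachable even after the Add/Remove Programs uninstall.
$pluginKeys = @('HKLM:\SOFTWARE\MozillaPlugins\*', 'HKCU:\SOFTWARE\MozillaPlugins\*')
"Browser plugin registrations that reference a JRE:"
Get-ItemProperty -Path $pluginKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -match 'jre|java' } |
    ForEach-Object {
        $state = if (Test-Path -LiteralPath $_.Path) { 'present' } else { 'File not found' }
        '{0} -> {1} [{2}]' -f $_.PSChildName, $_.Path, $state
    }

# The runtime that actually answers on PATH. java -version writes to stderr,
# hence the 2>&1 redirection.
if (Get-Command java.exe -ErrorAction SilentlyContinue) {
    "java.exe on PATH reports:"
    & java.exe -version 2>&1 | ForEach-Object { "  $_" }
} else {
    "java.exe not on PATH"
}
```

Run it from an elevated PowerShell prompt after the reboot in Step 1. Any Uninstall entry older than the version just installed, or any plugin key whose Path is reported as present but lives under an old jre directory, means the uninstall did not finish and the step should be repeated.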
 


#13 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:11 PM

Posted 07 February 2012 - 12:55 PM

Latest OTL log file.
ESET Online Scan log will be on its way.

OTL logfile created on: 2/4/2012 10:19:49 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Documents\OTL
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 59.42% Memory free
7.94 Gb Paging File | 7.07 Gb Available in Paging File | 89.13% Paging File free
Paging file location(s): C:\pagefile.sys 6144 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 412.85 Gb Free Space | 90.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.66% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 12:21:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\My Documents\OTL\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/03 17:04:06 | 000,047,104 | ---- | M] (Induslogic) -- C:\Program Files\iYogi\SDiManage\Monitor.GetSnmpInfo.Agent.exe
PRC - [2011/11/03 17:03:58 | 000,028,400 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\Monitor.Event.Agent.exe
PRC - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
PRC - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 08:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/17 16:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/30 03:37:58 | 001,574,128 | ---- | M] () -- C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/03 17:03:50 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\iYogi\SDiManage\IYogiMonitoringSvc.exe -- (SDiManage)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 08:07:10 | 000,073,728 | ---- | M] (iYogi Technical Services) [Auto | Running] -- C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe -- (SupportDockService.exe)
SRV - [2011/01/12 08:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/04/21 13:54:49 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/04/19 11:11:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/12 02:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/08 22:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/02/11 15:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2011/01/12 08:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/21 13:54:50 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/04/21 13:54:45 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/04/21 13:54:42 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/21 13:54:32 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 02:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 E1 23 08 66 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 20:01:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/31 13:03:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iYogi Support Dock] C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3873616759-2705347667-1621335210-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://65.114.219.122:8150/cab/ipcamera.cab (IPCamera Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.147.8.7 63.147.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54100609-3E8D-4F88-95B9-5D28BABF4F9B}: DhcpNameServer = 63.147.8.7 63.147.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f1a-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7d3f2d-4a46-11df-95ec-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{7949fce2-444d-11e1-aa89-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{81d9df64-ce7d-11e0-8c16-001aa05c9fb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 09:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/04 09:46:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/04 09:46:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/04 09:46:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/01/31 13:57:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\OTL
[2012/01/31 13:03:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/24 20:40:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/24 20:40:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/24 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/24 12:55:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/24 12:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/01/23 09:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/16 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/16 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 18:51:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/14 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\.zenmap
[2012/01/11 16:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/11 16:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2012/01/11 16:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi
[2012/01/11 16:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\iYogi
[2012/01/11 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iYogi Support Dock
[2012/01/11 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\iYogi Support Dock
[2012/01/11 16:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/11 16:16:59 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/11 16:16:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/11 16:16:55 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/11 16:16:54 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/11 16:16:53 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/11 16:16:52 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/11 16:16:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/11 16:16:39 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/11 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/11 14:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartPCScan
[2012/01/11 13:05:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 13:05:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 13:05:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

========== Files - Modified Within 30 Days ==========

[2012/02/04 10:20:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/04 10:17:43 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 10:17:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/02/04 10:17:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 10:17:28 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 10:16:30 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 10:16:30 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 10:16:05 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 10:16:05 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 09:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000UA.job
[2012/02/04 09:46:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/04 09:46:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/04 09:46:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/04 09:46:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/04 07:57:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3873616759-2705347667-1621335210-1000Core.job
[2012/01/31 23:28:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 22:56:40 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/31 13:03:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/28 13:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/24 12:55:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:18:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 21:20:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/14 16:09:04 | 000,412,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:21:15 | 000,001,107 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/11 16:21:42 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 16:16:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/11 15:42:48 | 000,000,104 | ---- | M] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | M] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | M] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | M] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | M] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | M] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | M] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | M] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | M] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | M] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | M] () -- C:\Windows\__fr.gif

========== Files Created - No Company Name ==========

[2012/01/28 13:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2012/01/24 12:55:54 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 11:18:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/01/23 09:21:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/16 21:20:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/16 18:51:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 16:21:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\iYogi Support Dock.lnk
[2012/01/11 16:17:01 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/11 15:42:48 | 000,000,104 | ---- | C] () -- C:\Windows\2012-01-11_15-42-48.aptctreport
[2012/01/11 15:34:10 | 000,002,302 | ---- | C] () -- C:\Windows\__nsc.bmp
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__rr.gif
[2012/01/11 15:34:10 | 000,002,175 | ---- | C] () -- C:\Windows\__jr.gif
[2012/01/11 15:34:10 | 000,002,148 | ---- | C] () -- C:\Windows\__pr.gif
[2012/01/11 15:34:10 | 000,002,049 | ---- | C] () -- C:\Windows\__ir.gif
[2012/01/11 15:34:10 | 000,002,013 | ---- | C] () -- C:\Windows\__br.gif
[2012/01/11 15:34:10 | 000,001,969 | ---- | C] () -- C:\Windows\__sr.gif
[2012/01/11 15:34:10 | 000,001,960 | ---- | C] () -- C:\Windows\__mr.gif
[2012/01/11 15:34:10 | 000,001,845 | ---- | C] () -- C:\Windows\__tr.gif
[2012/01/11 15:34:10 | 000,001,641 | ---- | C] () -- C:\Windows\__ar.gif
[2012/01/11 15:34:10 | 000,001,546 | ---- | C] () -- C:\Windows\__fr.gif
[2011/06/04 17:14:59 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/01 13:55:46 | 000,038,428 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/31 09:23:19 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/31 09:22:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/20 16:18:56 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/19 15:03:12 | 000,001,664 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/02/11 15:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/04/18 19:56:06 | 000,221,427 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/18 19:56:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/10/07 07:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,412,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#14 dr.tikitimes

dr.tikitimes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 07 February 2012 - 03:30 PM

ESET online log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f3b8cfc87699cc4aaf5355e1c0ee20ad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-04 06:23:46
# local_time=2012-02-04 12:23:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31182120 31182120 0 0
# compatibility_mode=5893 16776573 100 94 0 79919116 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132954
# found=0
# cleaned=0
# scan_time=5502
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f3b8cfc87699cc4aaf5355e1c0ee20ad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-06 11:22:56
# local_time=2012-02-06 05:22:56 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31373089 31373089 0 0
# compatibility_mode=5893 16776573 100 94 0 80110085 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132004
# found=0
# cleaned=0
# scan_time=5282
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f3b8cfc87699cc4aaf5355e1c0ee20ad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-07 02:09:15
# local_time=2012-02-06 08:09:15 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31378865 31378865 0 0
# compatibility_mode=5893 16776573 100 94 0 80115861 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132012
# found=1
# cleaned=1
# scan_time=9484
C:\Users\Tom\Desktop\Programs\Sandbixie.Pro.rar a variant of Win32/Keygen.DD application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f3b8cfc87699cc4aaf5355e1c0ee20ad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-07 03:48:50
# local_time=2012-02-06 09:48:50 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 31392456 31392456 0 0
# compatibility_mode=5893 16776573 100 94 0 80125852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132028
# found=0
# cleaned=0
# scan_time=5469

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 PM

Posted 08 February 2012 - 06:58 AM

How is it running at this point? We're ready to clean up unless you have any other issues. I will warn you about KeyGens... I won't comment about the legality, but they often come from websites that have lots of infected files or are Trojan viruses themselves, and are a common way to infect machines.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators