Content was blocked because it was not signed by a valid security certificate.


  • This topic is locked
17 replies to this topic

#1 MungoStJohn


Posted 24 September 2012 - 07:09 PM

Hi,

I have a Toshiba laptop running XP.

When I click on the Mail icon from aol.com homepage, the log-in screen displays and I get a security certificate error with IE8. "Content was blocked because it was not signed by a valid security certificate."

I get this message when doing the same thing using Chrome:
This webpage is not available
The webpage at https://at.atwola.com/adiframe/3.0/5113.1/221794/0/-1/size=1300x800;noperf=1;alias=93312388;kvpagetype=0;kveditags=0;kvmood=0;kvpatcheditags=0;kvag=0;kvinc=0;kvmar=0;kvch=0;kvseg=0;kvugc=0;kvui=fba8dab406a011e29d8041de23c66351;kvmn=93312388;extmirroring=0;target=_blank;aduho=-240;grp=530777328 might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.

This is the only website where I have this problem.

I have no problem doing this from my desktop on the same LAN.

I am afraid something has hijacked my computer.
Can you help?

Thanks.

Edited by MungoStJohn, 24 September 2012 - 07:09 PM.




#2 HelpBot


Posted 29 September 2012 - 07:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/469750 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MungoStJohn


Posted 29 September 2012 - 11:35 PM

This is what I had attempted before posting here. I ran three scans and found no infections (Malwarebytes, Kaspersky Rescue Disk 10, and Avast).

I attempted to run DDS twice and both times it froze my computer. The windows were still displayed on the screen but the keyboard and mouse were unresponsive and so was Alt-Ctrl-Del. I had to power off the laptop to reboot.

I was able to run GMER. Here is the log:

.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[1500] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[2040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\TODDSrv.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\TODDSrv.exe[2236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\TODDSrv.exe[2236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\TODDSrv.exe[2236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\TODDSrv.exe[2236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\TODDSrv.exe[2236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\TODDSrv.exe[2236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[2284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[2420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Documents and Settings\JD\Desktop\golibxez.exe[2776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Desktop\golibxez.exe[2776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Targus Comfort Mouse\Pelmiced.exe[2800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FD92
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FE03
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FF31
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, 27, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002901F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002903FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00661014
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00660804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00660A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00660C0C
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00660E10
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006601F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006603FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00660600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00670804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00670A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00670600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006701F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2992] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006703FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 14, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 17, 88, 00] {SUB [EDI], DL; MOV [EAX], AL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 14, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 15, 88, 00] {TEST AL, 0x15; MOV [EAX], AL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915E2E
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 16, 88, 00] {TEST AL, 0x16; MOV [EAX], AL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 15, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 16, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915E9F
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 14, 88, 00] {TEST AL, 0x14; MOV [EAX], AL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915FCD
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 15, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 16, 88, 00] {SUB [ESI], DL; MOV [EAX], AL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 17, 88, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A01F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008A03FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B31014
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B30804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B30A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B30C0C
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B30E10
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B301F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B303FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B30600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B40804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00B40A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00B40600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00B401F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00B403FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E0, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E3, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E0, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E1, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919EFA
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E2, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E1, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E2, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919F6B
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E0, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A099
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E1, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E2, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E3, C8, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CA01F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00CA03FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F31014
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F30804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F30A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F30C0C
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F30E10
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F301F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F303FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F30600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F40804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00F40A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00F40600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00F401F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00F403FC
.text C:\WINDOWS\Explorer.EXE[3604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[3604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[3604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[3604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[3604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[3604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[3604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[3604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 5C, E7, 00] {SUB [EDI+0x0], BL}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5F, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 5C, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 5D, E7, 00] {TEST AL, 0x5d; OUT 0x0, EAX}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BD76
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5E, E7, 00] {TEST AL, 0x5e; OUT 0x0, EAX}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 5D, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5E, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BDE7
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 5C, E7, 00] {TEST AL, 0x5c; OUT 0x0, EAX}
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BF15
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 5D, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5E, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5F, E7, 00]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E901F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E903FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01121014
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01120804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01120A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01120C0C
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01120E10
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 011201F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 011203FC
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01120600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01130804
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01130A08
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01130600
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 011301F8
.text C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 011303FC
.text C:\WINDOWS\system32\wscntfy.exe[3956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08

#4 nasdaq

  • Malware Response Team

Posted 30 September 2012 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I get this message when doing the same thing using Chrome:
This webpage is not available
The webpage at https://at.atwola.com/adiframe/3.0/5113.1/221794/0/-1/size=1300x800;noperf=1;alias=93312388;kvpagetype=0;kveditags=0;kvmood=0;kvpatcheditags=0;kvag=0;kvinc=0;kvmar=0;kvch=0;kvseg=0;kvugc=0;kvui=fba8dab406a011e29d8041de23c66351;kvmn=93312388;extmirroring=0;target=_blank;aduho=-240;grp=530777328 might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.


My version of Chrome is Version 22.0.1229.79 m

The link you posted gives me a blank page. No error message.

If I only go to the webpage at https://at.atwola.com/
The site is listed but it's not displayed correctly.

Using IE for both links,

https://at.atwola.com/

and the one you listed above gives me good results.

===

There are issues with Chrome as you will see here.
http://code.google.com/p/chromium/issues/detail?id=87957

I think this issue should be taken up with Google Chrome or the owner of the site.

#5 MungoStJohn

  • Topic Starter

Posted 30 September 2012 - 10:01 AM

Hi nasdaq and thanks for your response.

The problem is not that website or chrome. The problem is I cannot access my AOL email account from this computer only. I have two other computers on the same LAN and no problem accessing my aol email.

The problem is when I try to access my email from the aol.com home page by clicking on the email icon while using Internet Explorer 8, the log in screen for AOL displays and then I get this message "Content was blocked because it was not signed by a valid security certificate."

If I use Chrome and click the email icon on the AOL.com homepage, I either get a bad certificate message or this:

This webpage is not available
The webpage at https://at.atwola.com/adiframe/3.0/5113.1/221794/0/-1/size=1300x800;noperf=1;alias=93312388;kvpagetype=0;kveditags=0;kvmood=0;kvpatcheditags=0;kvag=0;kvinc=0;kvmar=0;kvch=0;kvseg=0;kvugc=0;kvui=fba8dab406a011e29d8041de23c66351;kvmn=93312388;extmirroring=0;target=_blank;aduho=-240;grp=16374395 might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.


I believe the computer has a problem. It also freezes when I try to run DDS per the instructions above.

Thanks,

#6 nasdaq

  • Malware Response Team

Posted 30 September 2012 - 01:01 PM

Make sure that the Date and Time is correct on your computer.
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===


Please post the logs for my review.

#7 MungoStJohn

  • Topic Starter

Posted 30 September 2012 - 01:46 PM

Thanks for your quick response.
The date and time are correct.

Here are the TDSSKILLER Log, the aws log and attached dat file.
I attempted to run Combofix after disabling my AV and the computer froze just like it did with DDS (see previous post). Also tried Combofix in safe mode and it froze again.

14:27:27.0890 1496 mnmsrvc - ok
14:27:27.0906 1496 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:27:27.0906 1496 Modem - ok
14:27:27.0937 1496 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:27:27.0937 1496 Mouclass - ok
14:27:27.0953 1496 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:27:27.0953 1496 mouhid - ok
14:27:27.0984 1496 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:27:27.0984 1496 MountMgr - ok
14:27:28.0031 1496 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:27:28.0046 1496 MozillaMaintenance - ok
14:27:28.0046 1496 mraid35x - ok
14:27:28.0062 1496 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:27:28.0078 1496 MRxDAV - ok
14:27:28.0125 1496 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:27:28.0125 1496 MRxSmb - ok
14:27:28.0140 1496 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:27:28.0156 1496 MSDTC - ok
14:27:28.0187 1496 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
14:27:28.0187 1496 MSDV - ok
14:27:28.0203 1496 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:27:28.0203 1496 Msfs - ok
14:27:28.0203 1496 MSIServer - ok
14:27:28.0234 1496 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:27:28.0234 1496 MSKSSRV - ok
14:27:28.0250 1496 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:27:28.0250 1496 MSPCLOCK - ok
14:27:28.0250 1496 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:27:28.0250 1496 MSPQM - ok
14:27:28.0281 1496 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:27:28.0281 1496 mssmbios - ok
14:27:28.0328 1496 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:27:28.0328 1496 MSTEE - ok
14:27:28.0359 1496 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:27:28.0359 1496 Mup - ok
14:27:28.0406 1496 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:27:28.0406 1496 NABTSFEC - ok
14:27:28.0500 1496 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:27:28.0515 1496 napagent - ok
14:27:28.0515 1496 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:27:28.0515 1496 NDIS - ok
14:27:28.0546 1496 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:27:28.0546 1496 NdisIP - ok
14:27:28.0578 1496 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:27:28.0578 1496 NdisTapi - ok
14:27:28.0609 1496 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:27:28.0609 1496 Ndisuio - ok
14:27:28.0671 1496 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:27:28.0687 1496 NdisWan - ok
14:27:28.0781 1496 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:27:28.0781 1496 NDProxy - ok
14:27:28.0843 1496 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:27:29.0000 1496 Net Driver HPZ12 - ok
14:27:29.0031 1496 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:27:29.0031 1496 NetBIOS - ok
14:27:29.0093 1496 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:27:29.0093 1496 NetBT - ok
14:27:29.0140 1496 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:27:29.0140 1496 NetDDE - ok
14:27:29.0156 1496 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:27:29.0156 1496 NetDDEdsdm - ok
14:27:29.0187 1496 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
14:27:29.0187 1496 Netdevio - ok
14:27:29.0218 1496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:27:29.0218 1496 Netlogon - ok
14:27:29.0265 1496 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:27:29.0265 1496 Netman - ok
14:27:29.0343 1496 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:27:29.0343 1496 NetTcpPortSharing - ok
14:27:29.0375 1496 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:27:29.0390 1496 NIC1394 - ok
14:27:29.0421 1496 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:27:29.0437 1496 Nla - ok
14:27:29.0484 1496 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\DRIVERS\npf.sys
14:27:29.0500 1496 NPF - ok
14:27:29.0531 1496 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:27:29.0531 1496 Npfs - ok
14:27:29.0562 1496 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:27:29.0578 1496 Ntfs - ok
14:27:29.0578 1496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:27:29.0593 1496 NtLmSsp - ok
14:27:29.0656 1496 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:27:29.0671 1496 NtmsSvc - ok
14:27:29.0718 1496 [ 20623A75F3C6C1076EBBA64DD8C4BC02 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:27:29.0734 1496 NuidFltr - ok
14:27:29.0750 1496 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:27:29.0750 1496 Null - ok
14:27:29.0796 1496 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:27:29.0796 1496 NwlnkFlt - ok
14:27:29.0812 1496 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:27:29.0812 1496 NwlnkFwd - ok
14:27:29.0843 1496 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:27:29.0859 1496 NwlnkIpx - ok
14:27:29.0875 1496 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:27:29.0890 1496 NwlnkNb - ok
14:27:29.0906 1496 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:27:29.0906 1496 NwlnkSpx - ok
14:27:29.0906 1496 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:27:29.0921 1496 ohci1394 - ok
14:27:30.0000 1496 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:27:30.0000 1496 ose - ok
14:27:30.0000 1496 PalmUSBD - ok
14:27:30.0046 1496 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
14:27:30.0046 1496 Parport - ok
14:27:30.0062 1496 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:27:30.0062 1496 PartMgr - ok
14:27:30.0093 1496 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:27:30.0093 1496 ParVdm - ok
14:27:30.0125 1496 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:27:30.0125 1496 PCI - ok
14:27:30.0125 1496 PCIDump - ok
14:27:30.0140 1496 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:27:30.0140 1496 PCIIde - ok
14:27:30.0171 1496 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
14:27:30.0171 1496 PCLEPCI - ok
14:27:30.0171 1496 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:27:30.0187 1496 Pcmcia - ok
14:27:30.0187 1496 PDCOMP - ok
14:27:30.0187 1496 PDFRAME - ok
14:27:30.0203 1496 PDRELI - ok
14:27:30.0203 1496 PDRFRAME - ok
14:27:30.0234 1496 [ 0429F05FECC2AF6312155738D455B6FD ] pelmouse C:\WINDOWS\system32\DRIVERS\pelmouse.sys
14:27:30.0234 1496 pelmouse - ok
14:27:30.0281 1496 [ AD15379B0EF17A31EF4504854F4D7228 ] pelusblf C:\WINDOWS\system32\DRIVERS\pelusblf.sys
14:27:30.0281 1496 pelusblf - ok
14:27:30.0296 1496 perc2 - ok
14:27:30.0296 1496 perc2hib - ok
14:27:30.0515 1496 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\mamba\pev.3XE
14:27:30.0531 1496 PEVSystemStart - ok
14:27:30.0562 1496 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
14:27:30.0562 1496 Pfc - ok
14:27:30.0578 1496 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:27:30.0593 1496 PlugPlay - ok
14:27:30.0609 1496 [ DEB5A23F8625D7D84DAFF899478A4893 ] PLUsbbc2 C:\WINDOWS\system32\Drivers\usbbc2.sys
14:27:30.0609 1496 PLUsbbc2 - ok
14:27:30.0640 1496 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:27:30.0640 1496 Pml Driver HPZ12 - ok
14:27:30.0671 1496 [ 3B6973D60BDE757C53BB76842D31318E ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
14:27:30.0671 1496 Point32 - ok
14:27:30.0687 1496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:27:30.0703 1496 PolicyAgent - ok
14:27:30.0734 1496 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:27:30.0734 1496 PptpMiniport - ok
14:27:30.0750 1496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:27:30.0750 1496 ProtectedStorage - ok
14:27:30.0796 1496 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:27:30.0796 1496 PSched - ok
14:27:30.0828 1496 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:27:30.0828 1496 Ptilink - ok
14:27:30.0859 1496 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:27:30.0859 1496 PxHelp20 - ok
14:27:30.0937 1496 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:27:30.0937 1496 QBCFMonitorService - ok
14:27:30.0984 1496 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:27:31.0000 1496 QBFCService - ok
14:27:31.0000 1496 ql1080 - ok
14:27:31.0000 1496 Ql10wnt - ok
14:27:31.0015 1496 ql12160 - ok
14:27:31.0015 1496 ql1240 - ok
14:27:31.0015 1496 ql1280 - ok
14:27:31.0031 1496 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:27:31.0046 1496 RasAcd - ok
14:27:31.0078 1496 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:27:31.0093 1496 RasAuto - ok
14:27:31.0125 1496 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:27:31.0140 1496 Rasl2tp - ok
14:27:31.0187 1496 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:27:31.0203 1496 RasMan - ok
14:27:31.0234 1496 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:27:31.0234 1496 RasPppoe - ok
14:27:31.0265 1496 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:27:31.0265 1496 Raspti - ok
14:27:31.0296 1496 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:27:31.0296 1496 Rdbss - ok
14:27:31.0312 1496 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:27:31.0312 1496 RDPCDD - ok
14:27:31.0375 1496 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:27:31.0375 1496 rdpdr - ok
14:27:31.0421 1496 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:27:31.0437 1496 RDPWD - ok
14:27:31.0484 1496 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:27:31.0500 1496 RDSessMgr - ok
14:27:31.0531 1496 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:27:31.0531 1496 redbook - ok
14:27:31.0562 1496 [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
14:27:31.0562 1496 RegSrvc - ok
14:27:31.0609 1496 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:27:31.0609 1496 RemoteAccess - ok
14:27:31.0640 1496 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:27:31.0640 1496 RemoteRegistry - ok
14:27:31.0687 1496 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:27:31.0687 1496 RFCOMM - ok
14:27:31.0734 1496 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:27:31.0734 1496 RpcLocator - ok
14:27:31.0781 1496 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:27:31.0796 1496 RpcSs - ok
14:27:31.0859 1496 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:27:31.0875 1496 RSVP - ok
14:27:31.0921 1496 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
14:27:31.0921 1496 S24EventMonitor - ok
14:27:31.0953 1496 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:27:31.0953 1496 s24trans - ok
14:27:31.0968 1496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:27:31.0984 1496 SamSs - ok
14:27:32.0015 1496 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:27:32.0031 1496 SCardSvr - ok
14:27:32.0093 1496 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:27:32.0109 1496 Schedule - ok
14:27:32.0187 1496 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:27:32.0203 1496 sdbus - ok
14:27:32.0265 1496 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:27:32.0265 1496 Secdrv - ok
14:27:32.0312 1496 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:27:32.0328 1496 seclogon - ok
14:27:32.0375 1496 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:27:32.0390 1496 SENS - ok
14:27:32.0437 1496 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
14:27:32.0437 1496 Serial - ok
14:27:32.0468 1496 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
14:27:32.0468 1496 sffdisk - ok
14:27:32.0484 1496 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
14:27:32.0484 1496 sffp_sd - ok
14:27:32.0531 1496 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:27:32.0531 1496 Sfloppy - ok
14:27:32.0609 1496 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:27:32.0625 1496 SharedAccess - ok
14:27:32.0640 1496 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:27:32.0656 1496 ShellHWDetection - ok
14:27:32.0656 1496 Simbad - ok
14:27:32.0687 1496 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:27:32.0703 1496 SLIP - ok
14:27:32.0734 1496 [ 1F10F9AE28BA69B465247D7B993CDB2B ] smihlp C:\Program Files\Protector Suite QL\smihlp.sys
14:27:32.0734 1496 smihlp - ok
14:27:32.0781 1496 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
14:27:32.0781 1496 SMTPSVC - ok
14:27:32.0781 1496 Sparrow - ok
14:27:32.0796 1496 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:27:32.0796 1496 splitter - ok
14:27:32.0843 1496 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:27:32.0843 1496 Spooler - ok
14:27:32.0875 1496 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:27:32.0875 1496 sr - ok
14:27:32.0937 1496 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:27:32.0953 1496 srservice - ok
14:27:33.0000 1496 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:27:33.0093 1496 Srv - ok
14:27:33.0281 1496 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:27:33.0312 1496 SSDPSRV - ok
14:27:33.0343 1496 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
14:27:33.0343 1496 StillCam - ok
14:27:33.0421 1496 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:27:33.0453 1496 stisvc - ok
14:27:33.0468 1496 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:27:33.0468 1496 streamip - ok
14:27:33.0484 1496 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:27:33.0484 1496 swenum - ok
14:27:33.0515 1496 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:27:33.0531 1496 swmidi - ok
14:27:33.0531 1496 SwPrv - ok
14:27:33.0578 1496 [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr c:\Toshiba\IVP\swupdate\swupdtmr.exe
14:27:33.0578 1496 Swupdtmr - ok
14:27:33.0593 1496 symc810 - ok
14:27:33.0593 1496 symc8xx - ok
14:27:33.0593 1496 sym_hi - ok
14:27:33.0609 1496 sym_u3 - ok
14:27:33.0671 1496 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:27:33.0687 1496 sysaudio - ok
14:27:33.0703 1496 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:27:33.0718 1496 SysmonLog - ok
14:27:33.0781 1496 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:27:33.0812 1496 TapiSrv - ok
14:27:33.0843 1496 [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
14:27:33.0843 1496 tbiosdrv - ok
14:27:33.0906 1496 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:27:33.0906 1496 Tcpip - ok
14:27:33.0937 1496 [ FC6FE02F400308606A911640E72326B5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
14:27:33.0937 1496 TcUsb - ok
14:27:33.0953 1496 [ CC1D7BC6A3632C55EE6D8877E9B936F3 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
14:27:33.0968 1496 tdcmdpst - ok
14:27:34.0000 1496 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:27:34.0000 1496 TDPIPE - ok
14:27:34.0015 1496 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:27:34.0015 1496 TDTCP - ok
14:27:34.0046 1496 [ 8B8AFDE16E41D7750B82E3CE7B87444F ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
14:27:34.0062 1496 tdudf - ok
14:27:34.0078 1496 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:27:34.0093 1496 TermDD - ok
14:27:34.0171 1496 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:27:34.0203 1496 TermService - ok
14:27:34.0218 1496 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:27:34.0234 1496 Themes - ok
14:27:34.0250 1496 [ 9A932560E9246B0D370FB97789BC0FD4 ] Thpdrv C:\WINDOWS\system32\DRIVERS\thpdrv.sys
14:27:34.0250 1496 Thpdrv - ok
14:27:34.0265 1496 [ 51B3DFBE72CE64FAF326C07CCBB5D632 ] Thpevm C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
14:27:34.0265 1496 Thpevm - ok
14:27:34.0312 1496 [ 737AC9EC5E8107B72152E4F9C0AE1694 ] Thpsrv C:\WINDOWS\system32\ThpSrv.exe
14:27:34.0328 1496 Thpsrv - ok
14:27:34.0359 1496 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
14:27:34.0375 1496 tifm21 - ok
14:27:34.0421 1496 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:27:34.0437 1496 TlntSvr - ok
14:27:34.0468 1496 [ 622BEA0C44BAECCF07F6E05B97939610 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
14:27:34.0484 1496 TODDSrv - ok
14:27:34.0484 1496 TosIde - ok
14:27:34.0515 1496 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
14:27:34.0531 1496 tosrfec - ok
14:27:34.0562 1496 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:27:34.0578 1496 TrkWks - ok
14:27:34.0593 1496 [ CCF4F8F8240F7057BF864EF73E91DCBB ] TVALZ C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
14:27:34.0593 1496 TVALZ - ok
14:27:34.0609 1496 [ 141BFD78F67028C49E9A150868F2C8A8 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
14:27:34.0625 1496 Tvs - ok
14:27:34.0625 1496 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:27:34.0625 1496 Udfs - ok
14:27:34.0640 1496 ultra - ok
14:27:34.0718 1496 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:27:34.0734 1496 Update - ok
14:27:34.0781 1496 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:27:34.0812 1496 upnphost - ok
14:27:34.0828 1496 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:27:34.0843 1496 UPS - ok
14:27:34.0890 1496 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:27:34.0906 1496 usbaudio - ok
14:27:34.0921 1496 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:27:34.0921 1496 usbccgp - ok
14:27:34.0953 1496 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:27:34.0953 1496 usbehci - ok
14:27:34.0984 1496 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:27:34.0984 1496 usbhub - ok
14:27:35.0015 1496 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:27:35.0015 1496 usbprint - ok
14:27:35.0046 1496 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:27:35.0046 1496 usbscan - ok
14:27:35.0078 1496 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:27:35.0093 1496 USBSTOR - ok
14:27:35.0109 1496 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:27:35.0125 1496 usbuhci - ok
14:27:35.0156 1496 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:27:35.0156 1496 usb_rndisx - ok
14:27:35.0203 1496 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:27:35.0203 1496 VgaSave - ok
14:27:35.0203 1496 ViaIde - ok
14:27:35.0234 1496 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:27:35.0234 1496 VolSnap - ok
14:27:35.0328 1496 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:27:35.0343 1496 VSS - ok
14:27:35.0406 1496 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:27:35.0421 1496 W32Time - ok
14:27:35.0500 1496 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
14:27:35.0531 1496 w39n51 - ok
14:27:35.0546 1496 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
14:27:35.0546 1496 W3SVC - ok
14:27:35.0609 1496 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:27:35.0609 1496 Wanarp - ok
14:27:35.0687 1496 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:27:35.0687 1496 wanatw - ok
14:27:35.0750 1496 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:27:35.0765 1496 Wdf01000 - ok
14:27:35.0781 1496 WDICA - ok
14:27:35.0828 1496 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:27:35.0828 1496 wdmaud - ok
14:27:35.0859 1496 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:27:35.0890 1496 WebClient - ok
14:27:36.0078 1496 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:27:36.0078 1496 winmgmt - ok
14:27:36.0125 1496 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:27:36.0140 1496 WmdmPmSN - ok
14:27:36.0218 1496 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:27:36.0234 1496 Wmi - ok
14:27:36.0281 1496 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:27:36.0281 1496 WmiApSrv - ok
14:27:36.0390 1496 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:27:36.0406 1496 WMPNetworkSvc - ok
14:27:36.0453 1496 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:27:36.0453 1496 WS2IFSL - ok
14:27:36.0484 1496 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:27:36.0500 1496 wscsvc - ok
14:27:36.0515 1496 WSearch - ok
14:27:36.0531 1496 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:27:36.0546 1496 WSTCODEC - ok
14:27:36.0671 1496 [ A2C4DC335656FB7A5A3AC076282534CB ] WSWNDA3100 C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
14:27:36.0671 1496 WSWNDA3100 - ok
14:27:36.0718 1496 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:27:36.0734 1496 wuauserv - ok
14:27:36.0781 1496 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:27:36.0781 1496 WudfPf - ok
14:27:36.0812 1496 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:27:36.0828 1496 WudfRd - ok
14:27:36.0859 1496 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:27:36.0890 1496 WudfSvc - ok
14:27:36.0984 1496 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:27:37.0031 1496 WZCSVC - ok
14:27:37.0062 1496 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:27:37.0093 1496 xmlprov - ok
14:27:37.0125 1496 ================ Scan global ===============================
14:27:37.0171 1496 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:27:37.0234 1496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:27:37.0265 1496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:27:37.0312 1496 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:27:37.0328 1496 [Global] - ok
14:27:37.0328 1496 ================ Scan MBR ==================================
14:27:37.0343 1496 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
14:27:37.0531 1496 \Device\Harddisk0\DR0 - ok
14:27:37.0531 1496 ================ Scan VBR ==================================
14:27:37.0531 1496 [ C8E13C1BE9177A87F9EF5EB19DD369BC ] \Device\Harddisk0\DR0\Partition1
14:27:37.0546 1496 \Device\Harddisk0\DR0\Partition1 - ok
14:27:37.0546 1496 ============================================================
14:27:37.0546 1496 Scan finished
14:27:37.0546 1496 ============================================================
14:27:37.0546 0644 Detected object count: 0
14:27:37.0546 0644 Actual detected object count: 0
14:32:17.0500 1508 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-30 13:20:48

-----------------------------
13:20:48.328 OS Version: Windows 5.1.2600 Service Pack 3
13:20:48.328 Number of processors: 2 586 0xE08
13:20:48.328 ComputerName: TOSHIBA-LT UserName: JD
13:20:49.656 Initialize success
13:20:49.796 AVAST engine defs: 12093000
13:21:01.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:21:01.265 Disk 0 Vendor: TOSHIBA_MK1032GSX AS021G Size: 95205MB BusType: 3
13:21:01.281 Disk 0 MBR read successfully
13:21:01.281 Disk 0 MBR scan
13:21:01.281 Disk 0 Windows XP default MBR code
13:21:01.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95205 MB offset 63
13:21:01.281 Disk 0 scanning sectors +194980905
13:21:01.375 Disk 0 scanning C:\WINDOWS\system32\drivers
13:21:20.609 Service scanning
13:21:40.171 Modules scanning
13:21:47.453 Disk 0 trace - called modules:
13:21:47.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:21:47.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f4aab8]
13:21:47.968 3 CLASSPNP.SYS[f7777fd7] -> nt!IofCallDriver -> \Device\0000008c[0x86f6cf18]
13:21:47.968 5 ACPI.sys[f76ce620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f3dab8]
13:21:48.484 AVAST engine scan C:\WINDOWS
13:21:57.078 AVAST engine scan C:\WINDOWS\system32
13:25:52.390 AVAST engine scan C:\WINDOWS\system32\drivers
13:26:11.421 AVAST engine scan C:\Documents and Settings\JD
13:27:33.968 AVAST engine scan C:\Documents and Settings\All Users
13:29:14.640 Scan finished successfully
13:33:44.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JD\Desktop\MBR.dat"
13:33:44.328 The log file has been saved successfully to "C:\Documents and Settings\JD\Desktop\aswMBR.txt"

#8 nasdaq

  • Malware Response Team

Posted 01 October 2012 - 07:12 AM

Try this.

Please download CCleaner (freeware) from here: http://www.piriform.com/ccleaner/features
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner.

The following should be selected by default, if not, please select:
Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.

If presented with an option to install 3rd party software, deny it.
===

How is AOL now?

#9 MungoStJohn

  • Topic Starter

Posted 01 October 2012 - 09:09 AM

I ran CCleaner as instructed with the advanced option.

The problem still exists.

#10 nasdaq

  • Malware Response Team

Posted 01 October 2012 - 12:38 PM

Go Posted Image > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

If that fails and you installed a Plug-in or Extension in the last few days disable it.
===
Disable JavaScript.
http://osxdaily.com/2012/02/08/enable-or-disable-javascript-web-browsers/

If all this fails to restore your AOL

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#11 MungoStJohn


Posted 01 October 2012 - 01:48 PM

Hi,

I did the ipconfig /dnsflush and the problem still exists when trying to go to aol webmail page. "Content was blocked because it was not signed by a valid security certificate."

I disabled javascript in IE8 and Chrome. When I try to go to aol webmail with either browser, it displays "Whoops... Sign-in to this site requires JavaScript. You are either using a browser that does not support JavaScript or has JavaScript disabled. For more information, please visit our Help article."

I downloaded Combofix, disabled my AV and started it. It starts and when it gets to the screen where it says it is scanning, the computer freezes and the only way to get the computer working again is to do a hard power off. This is the same thing it did before when trying to run Combofix and DDS. This is what concerns me along with the certificate issue. Something is making these two programs freeze the computer.

Problem still exists.

#12 nasdaq


Posted 02 October 2012 - 07:34 AM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===
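
A way to triage the SafeList sections of the OTL.Txt that this scan produces, as an added example (not part of the original post and not OTL's own code): it parses the `PRC`/`MOD`/`SRV`/`DRV` line shapes and flags missing files, entries with no company name, and services or drivers that load from outside the Windows and Program Files trees. The sample lines, the names in them and the trusted-root list are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    kind: str               # PRC, MOD, SRV or DRV
    name: Optional[str]     # service/driver name; None for PRC and MOD lines
    path: str               # image path as logged (may be empty or relative)
    company: Optional[str]  # "" when OTL printed "()", None when the file is missing
    missing: bool           # True when the line ends in "File not found"


# Line shapes in the SafeList sections:
#   PRC - <path> (<company>)
#   SRV - (<name>) -- <path> (<company>)
#   DRV - (<name>) -- [<path>] File not found
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - (?:\((?P<name>.*?)\) -- )?(?P<rest>.+)$"
)
# The company is the last parenthesised group; nested parentheses are not handled.
TAIL_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
MISSING = "File not found"

# Assumption: system drive C: with the default XP directory layout.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample lines in OTL's format (not taken from a real machine).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ExampleVendor\tray.exe ()
========== Services (SafeList) ==========
SRV - (ExampleSvc) -- C:\Temp\svc.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (olddrv) -- File not found
DRV - (usbx) -- system32\drivers\usbx.sys File not found
DRV - (examplefilter) -- C:\WINDOWS\system32\drivers\examplefilter.sys ()
"""


def parse_line(line):
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.endswith(MISSING):
        path = rest[: -len(MISSING)].strip()
        return Entry(m.group("kind"), m.group("name"), path, None, True)
    t = TAIL_RE.match(rest)
    if not t:
        return None  # unexpected shape: skip rather than guess
    return Entry(m.group("kind"), m.group("name"),
                 t.group("path"), t.group("company").strip(), False)


def flags(entry):
    """Return the list of reasons an entry deserves a closer look."""
    if entry.missing:
        # Registered service or driver whose image is gone: leftover or removed file.
        return ["missing-file"]
    reasons = []
    if entry.company == "":
        reasons.append("no-company")
    if entry.kind in ("SRV", "DRV") and not entry.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("unusual-path")
    return reasons


def triage(log_text):
    """Parse a whole log and return [(Entry, reasons)] for flagged entries only."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flags(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry.name or entry.path
        print(f"{entry.kind:3} {label:45} {', '.join(reasons)}")
```

The flags are leads for manual review, not verdicts: plenty of legitimate vendor drivers ship without a company name, and uninstalled software routinely leaves "File not found" service keys behind.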

#13 MungoStJohn


Posted 02 October 2012 - 03:42 PM

Here are the two logs from OTL

OTL logfile created on: 10/2/2012 4:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\JD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 634.37 Mb Available Physical Memory | 62.49% Memory free
2.39 Gb Paging File | 2.15 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 61.80 Gb Free Space | 66.47% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LT | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Targus Comfort Mouse\PELMICED.EXE (TPMX Electronics Ltd.)
PRC - C:\Program Files\Targus Comfort Mouse\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12100200\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12100100\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\WINDOWS\system32\BiImg.dll ()
MOD - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (WSWNDA3100) -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PalmUSBD) -- system32\drivers\PalmUSBD.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (TPMX Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (BootScreen) -- C:\WINDOWS\system32\drivers\vidstub.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (TVALZ) -- C:\WINDOWS\system32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (PLUsbbc2) -- C:\WINDOWS\system32\drivers\usbbc2.sys (Prolific Technology Inc.)
DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\llusbflt.sys (Laplink Software, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (Thpdrv) -- C:\WINDOWS\system32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\WINDOWS\system32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{758D1E8B-9E78-4F31-86F9-4EA33706E521}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/24 21:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/30 13:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 19:32:44 | 000,000,000 | ---D | M]

[2012/09/30 13:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JD\Application Data\Mozilla\Extensions
[2012/09/30 13:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/24 21:42:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/01/28 18:31:56 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/01/19 19:14:22 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/11/25 14:38:13 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2006/11/28 11:45:34 | 000,648,736 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/13 01:03:52 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.112 HP0016353FEB94
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Program Files\Targus Comfort Mouse\ICO.EXE (Primax Electronics Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - Reg Error: Unable to open value key File not found
O9 - Extra Button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm File not found
O9 - Extra 'Tools' menuitem : Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - Reg Error: Unable to open value key File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348430292437 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25E6396-5565-4DA7-9D19-12417D8B7C1C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\OrganicMetal_Wide_1440_900.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\OrganicMetal_Wide_1440_900.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/28 08:51:24 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/02 16:21:14 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JD\Desktop\OTL.exe
[2012/10/01 14:28:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/01 14:04:48 | 004,759,381 | R--- | C] (Swearware) -- C:\Documents and Settings\JD\Desktop\ComboFix.exe
[2012/10/01 10:01:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\Recent
[2012/09/30 13:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Mozilla
[2012/09/30 13:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Mozilla
[2012/09/30 13:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/30 13:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/30 13:20:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JD\Desktop\aswMBR.exe
[2012/09/30 13:06:39 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\JD\Desktop\rkill.com
[2012/09/30 12:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Google Chrome
[2012/09/30 12:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/09/30 12:09:36 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/30 12:09:36 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/30 12:09:36 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/30 12:09:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/30 12:09:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/30 12:09:36 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/30 12:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/30 12:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Sun
[2012/09/29 22:27:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JD\Desktop\dentist.com
[2012/09/28 11:16:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/28 11:16:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/28 11:16:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/28 11:16:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/28 07:40:15 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/09/24 21:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/24 21:42:26 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/24 21:42:26 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/24 21:42:23 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/24 21:42:23 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/24 21:42:22 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/24 21:42:20 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/24 21:42:20 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/24 21:42:19 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/24 21:41:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/24 21:41:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/24 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/24 21:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/24 18:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\My Documents\Downloads
[2012/09/23 20:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Deployment
[2012/09/23 20:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/09/23 20:35:05 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\JD\Desktop\ccsetup322.exe
[2012/09/23 18:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Malwarebytes
[2012/09/23 17:29:09 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/09/23 16:27:08 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/09/23 16:27:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/09/23 16:27:07 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/09/23 16:27:07 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/09/23 16:27:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/09/23 16:26:35 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/09/23 16:20:46 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/09/23 16:20:42 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/09/23 16:20:14 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/09/23 16:14:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/09/23 16:14:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/09/23 16:14:28 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/09/23 16:14:13 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2012/09/23 16:14:13 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/09/23 16:13:57 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/09/23 16:12:57 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/09/23 16:10:36 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/09/23 16:10:36 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/09/23 16:07:16 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/09/23 16:07:16 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/09/23 16:07:15 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/09/23 16:07:14 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/09/23 16:06:34 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/09/23 16:05:45 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/09/23 16:05:41 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/09/23 15:59:04 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/09/23 14:41:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Videos
[2012/09/23 14:41:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Administrative Tools
[2012/09/23 14:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\ElevatedDiagnostics
[2012/09/23 14:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/09/23 14:34:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/09/23 14:30:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\IECompatCache
[2012/09/23 14:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Macromedia
[2012/09/23 14:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Adobe
[2012/09/23 14:30:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\PrivacIE
[2012/09/23 14:30:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\IETldCache
[2012/09/23 14:26:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\JD\Application Data\Microsoft
[2012/09/23 14:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\SendTo
[2012/09/23 14:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\Application Data
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Startup
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Pictures
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Music
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Favorites
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Accessories
[2012/09/23 14:26:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\Cookies
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\Templates
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\PrintHood
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\NetHood
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\Local Settings
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\You've Got Pictures Screensaver
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Yahoo
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Wildtangent
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\toshiba
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Spearit
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Microsoft
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\InterVideo
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Intel
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Identities
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Google
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Desktop
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\ApplicationHistory
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\AOL
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\America Online
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2012/09/21 23:40:51 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/09/14 20:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/08 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Targus Comfort Mouse
[2012/09/08 12:37:00 | 000,020,480 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\pelusblf.sys
[2012/09/08 12:37:00 | 000,020,480 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELUSBlf.SYS
[2012/09/08 12:37:00 | 000,018,944 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS
[2012/09/08 12:37:00 | 000,018,944 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELMOUSE.SYS
[2012/09/08 12:37:00 | 000,010,240 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELUSBBT.SYS
[2012/09/08 12:37:00 | 000,010,240 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELUSBBT.SYS
[2012/09/08 12:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Targus Comfort Mouse
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/02 16:31:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18721658-174C-49FB-B127-360C2D6263A7}.job
[2012/10/02 16:27:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9EC1DFB0-DD47-4C65-93A3-CCF2D0A5C3BB}.job
[2012/10/02 16:24:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016UA.job
[2012/10/02 16:22:22 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12375CDC-7389-4819-8278-97B8DAA41449}.job
[2012/10/02 16:21:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JD\Desktop\OTL.exe
[2012/10/01 15:15:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/01 14:59:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005UA.job
[2012/10/01 14:38:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/01 14:37:55 | 000,001,180 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/01 14:37:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/01 14:04:54 | 004,759,381 | R--- | M] (Swearware) -- C:\Documents and Settings\JD\Desktop\ComboFix.exe
[2012/10/01 13:59:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005Core.job
[2012/09/30 14:34:25 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\MBR.zip
[2012/09/30 14:34:21 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\$_hpcst$.hpc
[2012/09/30 13:48:32 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/30 13:33:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\MBR.dat
[2012/09/30 13:24:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016Core.job
[2012/09/30 13:20:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JD\Desktop\aswMBR.exe
[2012/09/30 13:15:26 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/30 13:15:26 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/30 13:06:41 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\JD\Desktop\rkill.com
[2012/09/30 12:15:30 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\Google Chrome.lnk
[2012/09/30 12:15:30 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 12:09:16 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/30 12:09:16 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/30 12:09:15 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/30 12:09:15 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/30 12:09:15 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/30 12:09:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/30 11:59:49 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/30 00:13:34 | 000,006,824 | ---- | M] () -- C:\Documents and Settings\JD\My Documents\cc_20120930_001331.reg
[2012/09/29 22:49:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\golibxez.exe
[2012/09/29 22:27:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JD\Desktop\dentist.com
[2012/09/24 21:42:27 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/24 21:42:20 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/23 20:35:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/23 20:35:25 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\JD\Desktop\ccsetup322.exe
[2012/09/23 17:55:47 | 000,519,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/23 17:55:47 | 000,099,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/23 17:24:13 | 000,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/21 23:42:56 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/21 23:40:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/21 23:40:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/21 23:39:30 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/14 21:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/30 14:34:25 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\MBR.zip
[2012/09/30 14:34:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\$_hpcst$.hpc
[2012/09/30 13:48:32 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/30 13:33:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\MBR.dat
[2012/09/30 12:47:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/30 12:15:30 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\Google Chrome.lnk
[2012/09/30 12:15:30 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 12:14:24 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016UA.job
[2012/09/30 12:14:23 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016Core.job
[2012/09/30 11:59:48 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Internet Explorer.lnk
[2012/09/30 00:13:32 | 000,006,824 | ---- | C] () -- C:\Documents and Settings\JD\My Documents\cc_20120930_001331.reg
[2012/09/29 22:49:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\golibxez.exe
[2012/09/28 11:16:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/28 11:16:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/28 11:16:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/28 11:16:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/28 11:16:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/24 21:42:27 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/24 21:42:20 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/23 20:35:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/23 16:22:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/23 16:22:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/23 14:30:46 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12375CDC-7389-4819-8278-97B8DAA41449}.job
[2012/09/23 14:26:26 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 14:26:26 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/23 14:26:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/23 14:26:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Remote Assistance.lnk
[2012/09/23 14:26:25 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\Windows Media Player.lnk
[2012/09/23 14:26:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Windows Media Player.lnk
[2012/09/22 13:10:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2012/09/08 19:29:32 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/08 12:37:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\XMOUSE.CPL
[2012/06/10 12:54:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/23 14:02:09 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/03/19 14:23:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011/12/12 23:22:18 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/12/12 23:22:18 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/12/12 23:21:59 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/12/12 23:21:59 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/12/12 23:21:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/10/29 20:20:46 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/08 13:41:50 | 000,000,394 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/04/06 13:51:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/13 01:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2012/09/24 21:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/12 21:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2012/02/02 13:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2006/10/11 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/04/20 12:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inData
[2006/10/13 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IPROTech
[2011/12/14 19:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/10/20 20:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2007/04/28 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/04/28 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2012/02/02 13:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2006/12/19 13:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/09 15:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/04/19 13:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2012/04/23 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2007/01/12 21:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/23 21:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/12/12 23:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{71D3EDC9-3F0F-4763-A981-436F3FAE6661}
[2011/12/12 23:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C381BF8B-3153-4BC8-BD05-339D5EE80FB9}
[2012/09/23 14:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\ElevatedDiagnostics
[2006/04/06 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\InterVideo
[2007/04/19 13:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\Spearit
[2006/04/06 17:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2006/04/05 18:05:48 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/04/06 13:49:21 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006/10/08 18:28:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011/09/06 21:01:24 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9EC1DFB0-DD47-4C65-93A3-CCF2D0A5C3BB}.job
[2011/12/12 21:26:45 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005Core.job
[2011/12/12 21:26:46 | 000,000,966 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005UA.job
[2012/02/02 12:36:34 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{18721658-174C-49FB-B127-360C2D6263A7}.job
[2012/09/23 14:30:46 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{12375CDC-7389-4819-8278-97B8DAA41449}.job
[2012/09/24 21:42:20 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/09/30 12:14:23 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016Core.job
[2012/09/30 12:14:24 | 000,000,966 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016UA.job
[2012/09/30 12:47:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-27 01:10:52

< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:05:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 06:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 06:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 06:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 00:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004/08/04 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\I386\AUTOCHK.EXE
[2004/08/04 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe

< MD5 for: BEEP.SYS >
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2006/02/24 13:52:08 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=5966B5ABF33C7AD464D4C4366C0862E4 -- C:\Program Files\Protector Suite QL\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: KERNEL32.DLL >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1251 bytes -> C:\Program Files\Common Files\Microsoft Shared:rbyrR1FuCXfVpQ6Jp2Y9VLvfV2Ff08
@Alternate Data Stream - 1251 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bDrpsbDGo9xI0L0eyZLXCY
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DDUUz9xet5WXxgH8m4Etfe7D6Pac
@Alternate Data Stream - 1143 bytes -> C:\Program Files\Common Files\System:goeT9eTIRLOYGdQFqgFrAd

< End of report >


OTL Extras logfile created on: 10/2/2012 4:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\JD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 634.37 Mb Available Physical Memory | 62.49% Memory free
2.39 Gb Paging File | 2.15 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 61.80 Gb Free Space | 66.47% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LT | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Unable to open value key File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"80:TCP" = 80:TCP:LocalSubNet:Enabled:Port80

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1144361610\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1144361610\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe:*:Enabled:PsiService_2
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser
"C:\Program Files\ACT\Act for Windows\Act.Scheduler.UI.exe" = C:\Program Files\ACT\Act for Windows\Act.Scheduler.UI.exe:*:Enabled:Sage ACT! Scheduler
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr
"C:\Program Files\Centerbase\Client\Centerbase.exe" = C:\Program Files\Centerbase\Client\Centerbase.exe:*:Enabled:Centerbase Client
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1698B560-DB7C-11D2-BAAA-00207814ABF0}" = FairCom Crystal Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F412577-408A-4C7E-8B8D-9F3971E96A4E}" = Send to OneNote from Outlook
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{481EA8F8-CAC0-4137-9CF8-DD0297593E61}" = TP-LINK Wireless Client Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother Software
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B79FBFDD-8B0C-4B8E-B70E-499E39978281}" = Windows Vista Upgrade Advisor
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}" = PCmover
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF3E217E-4661-4AE0-8CE0-11B7E74C2A94}" = Send to OneNote from IE Powertoy
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDFE8A65-3DDD-4309-8194-559F41BF61F3}" = Studio 10
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PhotoDeluxe Home Edition 4.0" = Adobe PhotoDeluxe Home Edition 4.0
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Anapod Reinitializer" = Anapod Reinitializer (remove only)
"AnswerWorks" = AnswerWorks Runtime
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"BootSkin" = BootSkin
"CCleaner" = CCleaner
"Cool Edit 2000" = Cool Edit 2000
"ESET Online Scanner" = ESET Online Scanner v3
"Express Media Player" = Express Media Player
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}" = PCmover
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Targus Comfort Mouse
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"Stamps.com support for Microsoft Outlook 2000, 2002, 2003" = Stamps.com support for Microsoft Outlook 2000, 2002, 2003
"Stamps.com support for Microsoft Outlook 97-2003" = Stamps.com support for Microsoft Outlook 97-2003
"Stamps.com support for Microsoft Word 2000, 2002, 2003" = Stamps.com support for Microsoft Word 2000, 2002, 2003
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Tweak UI 2.10" = Tweak UI
"Videora iPod Converter" = Videora iPod Converter 2.19
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004722" = Bejeweled 2 Deluxe
"WT004723" = Blasterball 2 Revolution
"WT004725" = SCRABBLE
"WT004829" = Polar Golfer
"WT006066" = FATE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2012 12:59:55 AM | Computer Name = TOSHIBA-LT | Source = MsiInstaller | ID = 11905
Description = Product: SolutionCenter -- Error 1905. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 9/30/2012 12:59:55 AM | Computer Name = TOSHIBA-LT | Source = MsiInstaller | ID = 11905
Description = Product: SolutionCenter -- Error 1905. Module C:\Program Files\HP\Digital
Imaging\Product Assistant\Bin\hpqscprefhelper.dll failed to unregister. HRESULT
-2147220472. Contact your support personnel.

Error - 9/30/2012 2:03:49 PM | Computer Name = TOSHIBA-LT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/30/2012 2:17:59 PM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 0013025F1790 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/30/2012 2:18:03 PM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013025F1790. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 9/30/2012 9:37:34 PM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 0013025F1790.

Error - 10/1/2012 9:56:48 AM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 0013025F1790.

Error - 10/1/2012 1:54:30 PM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013025F1790. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 10/1/2012 2:29:10 PM | Computer Name = TOSHIBA-LT | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 10/1/2012 2:29:10 PM | Computer Name = TOSHIBA-LT | Source = Service Control Manager | ID = 7031
Description = The IIS Admin service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 1 milliseconds: Run
the configured recovery program.

Error - 10/1/2012 2:29:10 PM | Computer Name = TOSHIBA-LT | Source = Service Control Manager | ID = 7034
Description = The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/1/2012 2:29:10 PM | Computer Name = TOSHIBA-LT | Source = Service Control Manager | ID = 7034
Description = The World Wide Web Publishing service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/2/2012 4:18:27 PM | Computer Name = TOSHIBA-LT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 0013025F1790.


< End of report >

#14 nasdaq

  • Malware Response Team

Posted 03 October 2012 - 10:32 AM

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
    DRV - (WDICA) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (PalmUSBD) -- system32\drivers\PalmUSBD.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    @Alternate Data Stream - 1251 bytes -> C:\Program Files\Common Files\Microsoft Shared:rbyrR1FuCXfVpQ6Jp2Y9VLvfV2Ff08
    @Alternate Data Stream - 1251 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bDrpsbDGo9xI0L0eyZLXCY
    @Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DDUUz9xet5WXxgH8m4Etfe7D6Pac
    @Alternate Data Stream - 1143 bytes -> C:\Program Files\Common Files\System:goeT9eTIRLOYGdQFqgFrAd
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Keep me posted.

#15 MungoStJohn

  • Topic Starter


Posted 03 October 2012 - 06:37 PM

Hi,

I ran OTL as instructed and tried to go to AOL webmail with Chrome and got "The site's security certificate is not trusted". So, the problem still exists.

Here are the two OTL logs, the first from the Run Fix and the second from Quick Scan.

All processes killed
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service PalmUSBD stopped successfully!
Service PalmUSBD deleted successfully!
File system32\drivers\PalmUSBD.sys File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\Program Files\Common Files\Microsoft Shared:rbyrR1FuCXfVpQ6Jp2Y9VLvfV2Ff08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:bDrpsbDGo9xI0L0eyZLXCY deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:DDUUz9xet5WXxgH8m4Etfe7D6Pac deleted successfully.
ADS C:\Program Files\Common Files\System:goeT9eTIRLOYGdQFqgFrAd deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JD\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JD\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1190513 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: JD
->Temp folder emptied: 1906 bytes
->Temporary Internet Files folder emptied: 21474674 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38079323 bytes
->Google Chrome cache emptied: 11698262 bytes
->Flash cache emptied: 622 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 158502 bytes
->FireFox cache emptied: 3543820 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: OD
->Temp folder emptied: 57361296 bytes
->Temporary Internet Files folder emptied: 11140349 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4445267 bytes
->Google Chrome cache emptied: 408114824 bytes
->Flash cache emptied: 1499227 bytes

User: TOSHIBA-LT

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181852 bytes
%systemroot%\System32 .tmp files removed: 4531217 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 135114026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 668.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: JD
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: OD
->Flash cache emptied: 0 bytes

User: TOSHIBA-LT

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.70.1 log created on 10032012_191738

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 10/3/2012 7:23:09 PM - Run 2
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\JD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 656.01 Mb Available Physical Memory | 64.62% Memory free
2.39 Gb Paging File | 2.13 Gb Available in Paging File | 89.37% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 63.10 Gb Free Space | 67.87% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LT | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Targus Comfort Mouse\PELMICED.EXE (TPMX Electronics Ltd.)
PRC - C:\Program Files\Targus Comfort Mouse\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12100200\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\WINDOWS\system32\BiImg.dll ()
MOD - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WSWNDA3100) -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (PDRFRAME) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (TPMX Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (BootScreen) -- C:\WINDOWS\system32\drivers\vidstub.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (TVALZ) -- C:\WINDOWS\system32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (PLUsbbc2) -- C:\WINDOWS\system32\drivers\usbbc2.sys (Prolific Technology Inc.)
DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\llusbflt.sys (Laplink Software, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsubleepa Electric Industrial Co.,Ltd.)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (Thpdrv) -- C:\WINDOWS\system32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\WINDOWS\system32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{758D1E8B-9E78-4F31-86F9-4EA33706E521}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "aol.com"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/24 21:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/30 13:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 19:32:44 | 000,000,000 | ---D | M]

[2012/09/30 13:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JD\Application Data\Mozilla\Extensions
[2012/09/30 13:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/24 21:42:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/01/28 18:31:56 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/01/19 19:14:22 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/11/25 14:38:13 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2006/11/28 11:45:34 | 000,648,736 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\JD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/13 01:03:52 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.112 HP0016353FEB94
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Program Files\Targus Comfort Mouse\ICO.EXE (Primax Electronics Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - Reg Error: Unable to open value key File not found
O9 - Extra Button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm File not found
O9 - Extra 'Tools' menuitem : Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - Reg Error: Unable to open value key File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348430292437 (WUWebControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25E6396-5565-4DA7-9D19-12417D8B7C1C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\OrganicMetal_Wide_1440_900.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\OrganicMetal_Wide_1440_900.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/28 08:51:24 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 19:19:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/03 19:17:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/02 16:21:14 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JD\Desktop\OTL.exe
[2012/10/01 14:28:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/01 14:04:48 | 004,759,381 | R--- | C] (Swearware) -- C:\Documents and Settings\JD\Desktop\ComboFix.exe
[2012/10/01 10:01:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\Recent
[2012/09/30 13:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Mozilla
[2012/09/30 13:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Mozilla
[2012/09/30 13:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/30 13:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/30 13:20:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JD\Desktop\aswMBR.exe
[2012/09/30 13:06:39 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\JD\Desktop\rkill.com
[2012/09/30 12:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Google Chrome
[2012/09/30 12:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/09/30 12:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/30 12:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Sun
[2012/09/29 22:27:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JD\Desktop\dentist.com
[2012/09/28 11:16:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/28 11:16:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/28 11:16:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/28 11:16:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/28 07:40:15 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/09/24 21:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/24 21:42:26 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/24 21:42:26 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/24 21:42:23 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/24 21:42:23 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/24 21:42:22 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/24 21:42:20 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/24 21:42:20 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/24 21:42:19 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/24 21:41:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/24 21:41:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/24 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/24 21:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/24 18:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\My Documents\Downloads
[2012/09/23 20:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Deployment
[2012/09/23 20:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/09/23 20:35:05 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\JD\Desktop\ccsetup322.exe
[2012/09/23 18:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Malwarebytes
[2012/09/23 14:41:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Videos
[2012/09/23 14:41:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Administrative Tools
[2012/09/23 14:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\ElevatedDiagnostics
[2012/09/23 14:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/09/23 14:34:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/09/23 14:30:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\IECompatCache
[2012/09/23 14:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Macromedia
[2012/09/23 14:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Adobe
[2012/09/23 14:30:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\PrivacIE
[2012/09/23 14:30:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\IETldCache
[2012/09/23 14:26:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\JD\Application Data\Microsoft
[2012/09/23 14:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\SendTo
[2012/09/23 14:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JD\Application Data
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Startup
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Pictures
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents\My Music
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\My Documents
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Favorites
[2012/09/23 14:26:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\Accessories
[2012/09/23 14:26:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\JD\Cookies
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\Templates
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\PrintHood
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\NetHood
[2012/09/23 14:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JD\Local Settings
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\You've Got Pictures Screensaver
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Yahoo
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Wildtangent
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\toshiba
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Spearit
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Microsoft
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\InterVideo
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Intel
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\Identities
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\Google
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Desktop
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\ApplicationHistory
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Application Data\AOL
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Start Menu\Programs\America Online
[2012/09/23 14:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JD\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2012/09/14 20:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/08 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Targus Comfort Mouse
[2012/09/08 12:37:00 | 000,020,480 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\pelusblf.sys
[2012/09/08 12:37:00 | 000,020,480 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELUSBlf.SYS
[2012/09/08 12:37:00 | 000,018,944 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS
[2012/09/08 12:37:00 | 000,018,944 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELMOUSE.SYS
[2012/09/08 12:37:00 | 000,010,240 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELUSBBT.SYS
[2012/09/08 12:37:00 | 000,010,240 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\PELUSBBT.SYS
[2012/09/08 12:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Targus Comfort Mouse

========== Files - Modified Within 30 Days ==========

[2012/10/03 19:27:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9EC1DFB0-DD47-4C65-93A3-CCF2D0A5C3BB}.job
[2012/10/03 19:26:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18721658-174C-49FB-B127-360C2D6263A7}.job
[2012/10/03 19:24:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016UA.job
[2012/10/03 19:21:33 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/03 19:21:31 | 000,001,180 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/03 19:20:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/03 19:17:03 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12375CDC-7389-4819-8278-97B8DAA41449}.job
[2012/10/03 19:15:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/02 16:21:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JD\Desktop\OTL.exe
[2012/10/01 14:59:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005UA.job
[2012/10/01 14:04:54 | 004,759,381 | R--- | M] (Swearware) -- C:\Documents and Settings\JD\Desktop\ComboFix.exe
[2012/10/01 13:59:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1005Core.job
[2012/09/30 14:34:25 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\MBR.zip
[2012/09/30 14:34:21 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\$_hpcst$.hpc
[2012/09/30 13:48:32 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/30 13:33:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\MBR.dat
[2012/09/30 13:24:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016Core.job
[2012/09/30 13:20:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JD\Desktop\aswMBR.exe
[2012/09/30 13:06:41 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\JD\Desktop\rkill.com
[2012/09/30 12:15:30 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\Google Chrome.lnk
[2012/09/30 12:15:30 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 11:59:49 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/30 00:13:34 | 000,006,824 | ---- | M] () -- C:\Documents and Settings\JD\My Documents\cc_20120930_001331.reg
[2012/09/29 22:49:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JD\Desktop\golibxez.exe
[2012/09/29 22:27:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JD\Desktop\dentist.com
[2012/09/24 21:42:27 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/24 21:42:20 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/23 20:35:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/23 20:35:25 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\JD\Desktop\ccsetup322.exe
[2012/09/23 17:55:47 | 000,519,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/23 17:55:47 | 000,099,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/23 17:24:13 | 000,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/21 23:42:56 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/21 23:40:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/21 23:40:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/21 23:39:30 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/14 21:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/30 14:34:25 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\MBR.zip
[2012/09/30 14:34:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\$_hpcst$.hpc
[2012/09/30 13:48:32 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/30 13:48:32 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/30 13:33:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\MBR.dat
[2012/09/30 12:47:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/30 12:15:30 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\Google Chrome.lnk
[2012/09/30 12:15:30 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 12:14:24 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016UA.job
[2012/09/30 12:14:23 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229631038-3120262822-4246582294-1016Core.job
[2012/09/30 11:59:48 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Internet Explorer.lnk
[2012/09/30 00:13:32 | 000,006,824 | ---- | C] () -- C:\Documents and Settings\JD\My Documents\cc_20120930_001331.reg
[2012/09/29 22:49:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\golibxez.exe
[2012/09/28 11:16:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/28 11:16:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/28 11:16:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/28 11:16:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/28 11:16:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/24 21:42:27 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/24 21:42:20 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/23 20:35:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/23 16:22:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/23 16:22:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/23 14:30:46 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12375CDC-7389-4819-8278-97B8DAA41449}.job
[2012/09/23 14:26:26 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 14:26:26 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/23 14:26:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/23 14:26:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Remote Assistance.lnk
[2012/09/23 14:26:25 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\JD\Desktop\Windows Media Player.lnk
[2012/09/23 14:26:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\JD\Start Menu\Programs\Windows Media Player.lnk
[2012/09/22 13:10:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2012/09/08 19:29:32 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/08 12:37:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\XMOUSE.CPL
[2012/06/10 12:54:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/23 14:02:09 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/03/19 14:23:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011/12/12 23:22:18 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/12/12 23:22:18 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/12/12 23:21:59 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/12/12 23:21:59 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/12/12 23:21:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/10/29 20:20:46 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/08 13:41:50 | 000,000,394 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/04/06 13:51:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/13 01:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2012/09/24 21:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/12 21:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2012/02/02 13:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2006/10/11 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/04/20 12:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inData
[2006/10/13 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IPROTech
[2011/12/14 19:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/10/20 20:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2007/04/28 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/04/28 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2012/02/02 13:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2006/12/19 13:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/09 15:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/04/19 13:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2012/04/23 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2007/01/12 21:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/23 21:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/12/12 23:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{71D3EDC9-3F0F-4763-A981-436F3FAE6661}
[2011/12/12 23:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C381BF8B-3153-4BC8-BD05-339D5EE80FB9}
[2012/09/23 14:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\ElevatedDiagnostics
[2006/04/06 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\InterVideo
[2007/04/19 13:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\Spearit
[2006/04/06 17:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JD\Application Data\toshiba

========== Purity Check ==========



< End of report >



