Inactive Keep Getting Explorer Error

[Inactive] Keep Getting Explorer Error

While trying to copy photos from SIM card to my compluter using a USB Memory Card Reader, I keep getting a Windows Explorer error stating that Explorer has encountered an error and must shut down.

The monitor flickers and I lose some of the icons in my tray but I am still in Windows. When I restart, I get everything back, but the error keeps repeating.

Arie suggested I post the following logs in this forum.

Thanks for any help you can provide.

MBAM.LOG

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7058

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/9/2011 1:02:54 PM
mbam-log-2011-07-09 (13-02-54).txt

Scan type: Quick scan
Objects scanned: 150540
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER.LOG

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-09 15:11:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BB-22GUA0 rev.08.02D08
Running: xregdk83.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfldrpow.sys

 

xF400F848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF400F95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF4031075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF400F746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF400F898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF400F79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF400F90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF400D226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF4031D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF403203D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF400FBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF4031BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF4031A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF4073E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF400CFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF400D24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF400FD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF400DCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF400F820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF400F870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF400F988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF40313D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF400F772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF400FA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF400F8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF400F7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF400FAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF400F936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4073ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF40318D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF400DBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF403172A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF407C10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF40306E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF400D26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF400D292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF400D04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF400D186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF4031E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF400D162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF400D1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF400D2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF4089398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FD422CF3
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP F40867F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL F400E335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP F408939C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP F4084D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGENDSM NDIS.sys!NdisMIndicateStatus F72BC9EF 6 Bytes JMP F4398AC0 \SystemRoot\System32\Drivers\fwdrv.sys
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF723649E]
init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF77EF360]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP F4010CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP F4010BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP F400FF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP F4010E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP F4011014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP F4010B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP F400FFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP F4010180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP F4010326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP F400FE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP F4010BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP F4010F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP F40102FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP F400FE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP F4010D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP F401003E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP F40100AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP F40100E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP F400FD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP F400FEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP F4010008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP F4010440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP F4010ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\spoolsv.exe[204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Tiny Personal Firewall\persfw.exe[436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\smss.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\csrss.exe[552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

 

.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC


.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[1244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[1244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[1244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[1244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[1244] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[1244] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

 

.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Digital Media Reader\shwiconem.exe[1484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Lexmark 6200 Series\lxbumon.exe[1492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00580804
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00580A08
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00580600
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005801F8
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005803FC
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00591014
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00590804
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00590A08
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00590C0C
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00590E10
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005901F8
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005903FC
.text C:\Program Files\Lexmark 6200 Series\ezprint.exe[1508] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00590600
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[1524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\PROGRA~1\Eraser\Eraser.exe[1556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\lxbucoms.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\lxbucoms.exe[2172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\lxbucoms.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\lxbucoms.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\lxbucoms.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\lxbucoms.exe[2172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\lxbucoms.exe[2172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Documents and Settings\Owner\Desktop\xregdk83.exe[3712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\xregdk83.exe[3712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[3960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[3960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!ZwLoadDriver] [F4398928] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4398820] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F439883B] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F43988CB] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!ZwLoadDriver] [F4398928] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F43988CB] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F439883B] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4398820] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F43988CB] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4398820] \SystemRoot\System32\Drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F439883B] \SystemRoot\System32\Drivers\fwdrv.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

 

MBR.LOG:

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-09 16:14:52
-----------------------------
16:14:52.062 OS Version: Windows 5.1.2600 Service Pack 3
16:14:52.078 Number of processors: 1 586 0xA00
16:14:52.078 ComputerName: RBI-250 UserName: Owner
16:14:52.703 Initialize success
16:14:52.890 AVAST engine defs: 11070900
16:15:10.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:15:10.421 Disk 0 Vendor: WDC_WD1600BB-22GUA0 08.02D08 Size: 152627MB BusType: 3
16:15:12.484 Disk 0 MBR read successfully
16:15:12.484 Disk 0 MBR scan
16:15:12.484 Disk 0 unknown MBR code
16:15:14.515 Disk 0 scanning sectors +312576705
16:15:14.562 Disk 0 scanning C:\WINDOWS\system32\drivers
16:16:12.343 Service scanning
16:16:13.375 Disk 0 trace - called modules:
16:16:13.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:16:13.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86220ab8]
16:16:13.421 3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> \Device\0000008d[0x86225f18]
16:16:13.421 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8623e940]
16:16:14.390 AVAST engine scan C:\WINDOWS
16:42:51.515 File: C:\WINDOWS\I386\APPS\APP29978\comps\rp\rp9codec.exe **INFECTED** Win32:Hrupka-D [Cryp]
17:02:46.812 AVAST engine scan C:\Documents and Settings\Owner
17:05:40.593 AVAST engine scan C:\Documents and Settings\All Users
17:06:40.281 Scan finished successfully
17:38:17.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat "
17:38:17.218 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt "


aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-09 16:14:52
-----------------------------
16:14:52.062 OS Version: Windows 5.1.2600 Service Pack 3
16:14:52.078 Number of processors: 1 586 0xA00
16:14:52.078 ComputerName: RBI-250 UserName: Owner
16:14:52.703 Initialize success
16:14:52.890 AVAST engine defs: 11070900
16:15:10.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:15:10.421 Disk 0 Vendor: WDC_WD1600BB-22GUA0 08.02D08 Size: 152627MB BusType: 3
16:15:12.484 Disk 0 MBR read successfully
16:15:12.484 Disk 0 MBR scan
16:15:12.484 Disk 0 unknown MBR code
16:15:14.515 Disk 0 scanning sectors +312576705
16:15:14.562 Disk 0 scanning C:\WINDOWS\system32\drivers
16:16:12.343 Service scanning
16:16:13.375 Disk 0 trace - called modules:
16:16:13.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:16:13.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86220ab8]
16:16:13.421 3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> \Device\0000008d[0x86225f18]
16:16:13.421 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8623e940]
16:16:14.390 AVAST engine scan C:\WINDOWS
16:42:51.515 File: C:\WINDOWS\I386\APPS\APP29978\comps\rp\rp9codec.exe **INFECTED** Win32:Hrupka-D [Cryp]
17:02:46.812 AVAST engine scan C:\Documents and Settings\Owner
17:05:40.593 AVAST engine scan C:\Documents and Settings\All Users
17:06:40.281 Scan finished successfully
17:38:17.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat "
17:38:17.218 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt "
17:40:07.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat "
17:40:08.156 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt "

 

DDS.TXT
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Owner at 17:51:22 on 2011-07-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.448 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\aswMBR.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = www.google.com
uWindow Title =
mWindow Title =
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - k:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser] c:\progra~1\eraser\Eraser.exe -hide
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [lxbumon.exe] "c:\program files\lexmark 6200 series\lxbumon.exe "
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 6200 series\ezprint.exe "
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\event reminder.lnk - j:\program files\printmaster silver 17\Remind.exe
IE: E&xport to Microsoft Excel - k:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - k:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: adobe.com
Trusted Zone: aol.com
Trusted Zone: att.net
Trusted Zone: http
Trusted Zone: sbcglobal.net
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136945801983
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136946304062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - k:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - k:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} -
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\j2sdyqf3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\NPEvery.dll
FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-27 309848]
R1 fwdrv;Tiny Personal Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-1-10 77312]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-27 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 42184]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 SSI;SSI;c:\windows\system32\drivers\ssi.sys --> c:\windows\system32\drivers\SSI.SYS [?]
S1 GhPciScan;GhostPciScanner;\??\c:\program files\symantec\norton ghost 2003\ghpciscan.sys --> c:\program files\symantec\norton ghost 2003\ghpciscan.sys [?]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2007-7-3 36224]
.
=============== Created Last 30 ================
.
2011-07-05 19:25:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\Opera
2011-06-29 19:07:13 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-29 19:05:55 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-06-28 19:58:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-27 18:54:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-06-25 18:17:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-28 19:58:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 17:53:03.54 ===============

 

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2006 11:33:02 AM
System Uptime: 7/9/2011 1:36:57 PM (4 hours ago)
.
Motherboard: First International Computer, Inc. | | AU31
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2088/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 88.856 GiB free.
D: is CDROM ()
E: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 20 GiB total, 9.889 GiB free.
K: is FIXED (NTFS) - 5 GiB total, 3.669 GiB free.
L: is FIXED (NTFS) - 7 GiB total, 7.048 GiB free.
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
Service: NVENET
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys LNE100TX(v5) Fast Ethernet Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Manufacturer: LinkSys Group Inc.
Name: Linksys LNE100TX(v5) Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Service: LNE100
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
ABBYY FineReader 6.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Shockwave Player 11.6
America Online (Choose which version to remove)
AoA Audio Extractor 1.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
Apple Application Support
Apple Software Update
avast! Free Antivirus
CCleaner
CloneCD
ConvertXtoDVD 3.0.0.9
Digital Media Reader
DVD Shrink 3.2
DVDFab HD Decrypter 3.1.8.0
Eraser
ERUNT 1.1j
Foxit Reader
Hallmark Card Studio 2006 Deluxe
Hallmark Card Studio 2008 Deluxe
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 3.8.5 Standard
Learn2 Player (Uninstall Only)
Lexmark 6200 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
More Brain Games 1.0
Mozilla Firefox (3.6.18)
MP3 CD Converter Professional 5.03
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 6 Ultra Edition
NVIDIA Display Driver
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
Opera 11.50
PartitionMagic
PowerDVD
PowerQuest PartitionMagic 8.0
PrintMaster 7.00
PrintMaster Silver 17
Pure Networks Port Magic
Quicken WillMaker Plus 2007
QuickTime
RealPlayer Basic
Revo Uninstaller 1.83
Secunia PSI (2.0.0.1003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif DrawPlus 3.0
SnagIt 7
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
swMSM
Tiny Personal Firewall 2.0.15 A (221001)
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Media Player
VLC media player 1.1.10
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinDriversBackup
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 1:45:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/9/2011 1:32:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/5/2011 4:19:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SSI
7/4/2011 4:20:05 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

 

broni, as requested:

ComboFix 11-07-10.03 - Owner 07/10/2011 16:41:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.578 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\~GLH0009.TMP
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\Chip.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\sstray.exe
c:\windows\vb.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-05 19:25 . 2011-07-05 19:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Opera
2011-07-05 19:21 . 2011-07-05 19:21 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
2011-07-05 19:20 . 2011-07-05 19:20 -------- d-----w- c:\program files\ImgBurn
2011-06-29 19:07 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-29 19:05 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-06-28 19:58 . 2011-06-28 19:58 -------- d-----w- c:\program files\Common Files\Java
2011-06-28 19:58 . 2011-06-28 19:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-27 18:54 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-06-25 18:17 . 2011-06-25 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-07-07 19:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2009-06-28 03:35 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-20 18:05 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2009-06-28 03:35 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2009-06-28 03:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2009-06-28 03:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2009-06-28 03:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2009-06-28 03:35 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2009-06-28 03:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2009-06-28 03:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-28 19:58 . 2010-07-02 19:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 16:11 . 2008-11-06 00:14 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2008-11-06 00:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2006-01-10 19:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-01-10 19:21 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-01-10 19:20 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2006-01-10 19:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2006-01-10 19:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2006-01-10 19:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2006-01-10 19:17 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2006-01-10 19:18 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-01-10 19:20 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser "= "c:\progra~1\Eraser\Eraser.exe" [2007-07-28 277328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2004-03-04 46080]
"SunKistEM "= "c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-13 135168]
"lxbumon.exe "= "c:\program files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 188416]
"FaxCenterServer "= "c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 299008]
"EzPrint "= "c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 61440]
"CloneCDTray "= "c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LXBUCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - j:\program files\PrintMaster Silver 17\Remind.exe [2006-2-22 344064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ "= "c:\program files\Ahead\Nero BackItUp\NBJ.exe "
"Eraser "=c:\program files\Eraser\Eraser.exe -hide
"SUPERAntiSpyware "=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan "=SOUNDMAN.EXE
"NvCplDaemon "=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz "=nwiz.exe /install
"nForce Tray Options "=sstray.exe /r
"RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe "
"NeroFilterCheck "=c:\windows\system32\NeroCheck.exe
"Adobe Photo Downloader "= "j:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
"ClamWin "= "c:\program files\ClamWin\bin\ClamTray.exe" --logon
"UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe "
"avgnt "= "c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe "
"GrooveMonitor "= "k:\program files\Microsoft Office\Office12\GrooveMonitor.exe "
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
"c:\\WINDOWS\\system32\\lxbucoms.exe "=
"c:\\Program Files\\America Online 9.0\\waol.exe "=
"k:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Opera\\opera.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP "= 5353:UDP:Bonjour
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/20/2011 11:05 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/27/2009 8:35 PM 309848]
R1 fwdrv;Tiny Personal Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [1/10/2006 2:02 PM 77312]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/27/2009 8:35 PM 19544]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 5:04 AM 987704]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/3/2007 6:22 PM 36224]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS --> c:\windows\system32\Drivers\SSI.SYS [?]
S1 GhPciScan;GhostPciScanner;\??\c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys --> c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [?]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 5:04 AM 399416]
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe "
IE: E&xport to Microsoft Excel - k:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: adobe.com
Trusted Zone: aol.com
Trusted Zone: att.net
Trusted Zone: http
Trusted Zone: sbcglobal.net
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 10.0.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2sdyqf3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-10 16:54:50
ComboFix-quarantined-files.txt 2011-07-10 23:54
.
Pre-Run: 95,256,817,664 bytes free
Post-Run: 95,208,521,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT= "Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=bad /safeboot:network
.
- - End Of File - - 6F9F22469B885BF65586467BF0F91A66

 

broni, I am adding the OTL files first because I have not gotten VirusTotal to work on the file.

OTL logfile created on: 7/10/2011 8:04:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 540.59 Mb Available Physical Memory | 56.34% Memory free
1.51 Gb Paging File | 1.26 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.30 Gb Total Space | 88.56 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive J: | 19.68 Gb Total Space | 9.95 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
Drive K: | 4.89 Gb Total Space | 3.68 Gb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive L: | 7.15 Gb Total Space | 7.05 Gb Free Space | 98.62% Space Free | Partition Type: NTFS

Computer Name: RBI-250 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 19:34:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/21 05:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2009/01/29 15:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/28 14:05:00 | 000,277,328 | ---- | M] (Heidi Computers Ltd) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2004/09/22 17:08:24 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/08/20 04:30:32 | 000,188,416 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 6200 Series\lxbumon.exE
PRC - [2004/08/18 10:36:44 | 000,450,560 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbucoms.exe
PRC - [2004/04/08 16:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/12 19:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2001/10/22 18:57:20 | 000,421,888 | ---- | M] (Tiny Software) -- C:\Program Files\Tiny Personal Firewall\persfw.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 19:34:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (GhostStartService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AMON)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/21 05:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 05:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/01/21 17:23:51 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- K:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- J:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/09/22 17:08:24 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/08/18 10:36:44 | 000,450,560 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/04/08 16:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2001/10/22 18:57:20 | 000,421,888 | ---- | M] (Tiny Software) [Auto | Stopped] -- C:\Program Files\Tiny Personal Firewall\persfw.exe -- (PersFw)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/04/07 19:35:51 | 000,084,028 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/02/15 17:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/09/23 10:44:58 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/06/18 19:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/18 19:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/18 19:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/23 15:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 15:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/09/03 20:51:00 | 000,312,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003/09/03 20:51:00 | 000,036,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003/08/22 05:31:52 | 000,462,940 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/16 23:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/08/15 12:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/04/16 15:21:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/03/20 19:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/01/11 20:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/10/24 17:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/10/22 18:54:28 | 000,077,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\fwdrv.sys -- (fwdrv)
DRV - [2001/08/17 06:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 05:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com "
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 18:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 12:14:11 | 000,000,000 | ---D | M]

[2009/06/05 23:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/24 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1lxbgr0a.cybertek\extensions
[2007/07/11 16:03:20 | 000,000,000 | ---D | M] ( "FlashGot ") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1lxbgr0a.cybertek\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2007/07/11 16:03:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1lxbgr0a.cybertek\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/04/12 17:58:10 | 000,000,000 | ---D | M] ( "CookieCuller ") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1lxbgr0a.cybertek\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011/07/10 18:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2sdyqf3.default\extensions
[2011/02/17 13:28:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2sdyqf3.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/07/03 19:05:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2sdyqf3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/10 18:50:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j2sdyqf3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/10 18:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/28 12:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/28 12:58:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/10 16:49:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - K:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 6200 Series\ezprint.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxbumon.exe] C:\Program Files\Lexmark 6200 Series\lxbumon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (Heidi Computers Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = J:\Program Files\PrintMaster Silver 17\Remind.exe (Broderbund Properties LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - K:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: adobe.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: aol.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: att.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: http ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4164284701-3019791684-2807634832-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136945801983 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136946304062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - K:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - K:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 15:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 19:34:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/10 17:02:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/10 16:39:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/10 16:35:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/10 16:35:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/10 16:35:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/10 16:35:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/10 16:35:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/10 16:27:16 | 004,138,980 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/09 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BBS
[2011/07/09 09:56:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/07/05 20:23:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disabled Startup Items
[2011/07/05 20:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/05 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PUERTO RICO 2011
[2011/07/05 20:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LITO
[2011/07/05 12:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Opera
[2011/07/05 12:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2011/07/05 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/07/05 12:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/07/05 12:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/06/28 12:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/25 14:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlySoft
[2007/07/09 17:28:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/10 19:34:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/10 19:09:09 | 001,698,403 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_1360_edited.jpg
[2011/07/10 18:58:17 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/10 16:49:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/10 16:39:56 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2011/07/10 16:28:04 | 004,138,980 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/10 16:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/09 19:33:46 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\default.ers
[2011/07/09 10:19:54 | 003,822,877 | R--- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money Backup.mbf
[2011/07/09 10:19:54 | 003,821,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2011/07/09 08:29:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/07 14:27:32 | 000,439,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110707-142816.backup
[2011/07/07 14:27:05 | 000,439,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110707-142732.backup
[2011/07/07 14:26:38 | 000,439,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110707-142705.backup
[2011/07/07 12:23:15 | 000,031,660 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/07/07 12:09:00 | 000,057,831 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shexview.zip
[2011/07/07 11:55:00 | 000,000,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/07/05 20:13:15 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/05 12:27:56 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/07/05 12:27:56 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/07/05 12:20:11 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/07/05 12:20:11 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/07/05 12:17:07 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/01 15:56:40 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/30 14:22:46 | 000,439,445 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110707-142638.backup
[2011/06/28 12:42:13 | 000,761,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/26 20:10:19 | 000,439,269 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110630-142246.backup
[2011/06/26 19:24:13 | 000,528,896 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\June_11.cal
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 14:02:26 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2011/06/25 13:59:55 | 002,734,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SetupCloneCD5314.exe
[2011/06/24 08:06:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/23 14:59:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 23:43:30 | 002,041,231 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_1360.JPG

========== Files Created - No Company Name ==========

[2011/07/10 19:09:09 | 001,698,403 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_1360_edited.jpg
[2011/07/10 16:39:56 | 000,000,247 | ---- | C] () -- C:\Boot.bak
[2011/07/10 16:39:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/10 16:35:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/10 16:35:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/10 16:35:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/10 16:35:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/10 16:35:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/07 12:09:00 | 000,057,831 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shexview.zip
[2011/07/05 20:07:35 | 002,041,231 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_1360.JPG
[2011/07/05 20:07:35 | 001,991,157 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_1101.JPG
[2011/07/05 12:27:56 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/07/05 12:27:56 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/07/05 12:27:56 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/07/05 12:20:11 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/07/05 12:20:11 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/07/05 12:17:07 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/06/26 19:08:52 | 000,528,896 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\June_11.cal
[2011/06/25 14:02:26 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2011/06/25 14:02:08 | 002,734,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SetupCloneCD5314.exe
[2010/11/11 15:44:44 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Pmw.INI
[2010/07/28 17:11:29 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/05 16:32:29 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2008/04/04 10:24:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/03 16:50:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/02 20:20:29 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2008/03/02 11:57:23 | 000,000,135 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/02/04 15:29:52 | 007,586,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/10/21 16:15:38 | 000,000,424 | ---- | C] () -- C:\WINDOWS\dssar.ini
[2007/09/07 16:33:50 | 000,000,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/11 15:34:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/29 19:08:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/07/09 17:28:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2007/07/09 17:28:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2007/06/28 15:33:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/17 18:44:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/10/21 12:43:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/25 12:56:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/08/24 17:52:40 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/08/09 20:19:33 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2006/06/10 18:50:54 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/10 18:50:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/26 14:10:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/04/17 15:20:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/08 20:33:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2006/03/03 18:32:30 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/06 19:36:55 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/10 14:02:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2006/01/10 13:30:40 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/01/10 13:30:26 | 000,004,436 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/10 13:13:24 | 000,031,660 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/01/10 12:39:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/01/10 12:39:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/01/10 12:36:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2006/01/10 12:21:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/10 12:20:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/10 12:20:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/10 12:20:50 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/10 12:20:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/10 12:20:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/10 12:20:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/10 12:20:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/10 12:18:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/10 12:17:27 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/29 08:20:20 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/09/23 10:42:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/23 09:40:57 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/09/22 17:08:25 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2004/08/27 15:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/27 15:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/27 13:12:43 | 000,001,244 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/27 13:12:43 | 000,000,462 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/27 13:12:10 | 000,442,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/27 13:12:10 | 000,071,540 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/27 07:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/27 07:54:01 | 000,761,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/06/11 11:49:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/11 10:22:33 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2006/08/25 13:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/07/07 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/12/12 11:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2006/06/22 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/10/20 13:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2006/06/21 20:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/11/24 12:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/06/22 15:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2007/09/07 16:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/24 12:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/07/09 08:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/09/25 15:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/03 10:24:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
[2006/08/24 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2010/07/26 18:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freezetag
[2010/10/19 13:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GrabPro
[2008/06/17 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hallmark
[2011/07/05 12:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2010/09/06 18:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/07/05 12:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/07/07 12:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2010/10/19 13:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ProgSense
[2006/01/10 13:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/10/20 13:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/06/20 13:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\URSoft
[2011/03/20 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/06/21 20:07:37 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2004/08/27 15:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/26 21:55:50 | 000,000,247 | ---- | M] () -- C:\Boot.bak
[2011/07/10 16:39:56 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2007/02/01 11:03:36 | 000,000,180 | -H-- | M] () -- C:\boot.ini.SAB
[2006/02/22 19:59:38 | 000,004,986 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/07/10 16:54:52 | 000,011,909 | ---- | M] () -- C:\ComboFix.txt
[2004/08/27 15:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/08/27 15:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/09/23 10:46:31 | 000,000,825 | -H-- | M] () -- C:\IPH.PH
[2011/06/27 11:08:55 | 000,009,186 | ---- | M] () -- C:\lxbu.log
[2011/07/10 16:16:03 | 000,057,513 | ---- | M] () -- C:\lxbuscan.log
[2010/07/01 14:23:45 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/27 15:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/05 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/26 21:40:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/10 16:15:50 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 12:00:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/14 17:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/08/18 04:37:48 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2007/03/22 21:25:42 | 000,677,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/27 07:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/27 07:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/27 07:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/26 21:43:30 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/08/27 15:09:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/27 15:09:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/07/10 16:28:04 | 004,138,980 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2007/02/16 18:13:49 | 001,475,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\GenuineCheck.exe
[2010/11/11 16:34:12 | 000,201,728 | ---- | M] (Freebyte.com) -- C:\Documents and Settings\Owner\Desktop\hjsplit.exe
[2007/09/03 14:34:38 | 000,217,088 | ---- | M] (J.C. Kessels) -- C:\Documents and Settings\Owner\Desktop\JkDefrag.exe
[2007/05/24 23:43:32 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Md5Check.exe
[2011/07/10 19:34:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/25 13:59:55 | 002,734,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SetupCloneCD5314.exe
[2009/07/12 15:57:04 | 000,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2004/03/28 19:46:44 | 001,340,416 | ---- | M] (Gabest) -- C:\Documents and Settings\Owner\Desktop\Videocapture.exe
[2007/02/16 18:11:34 | 000,878,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WGAPluginInstall.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/08/27 15:09:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/10 18:50:33 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/05 12:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/05 12:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/05 12:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/05 12:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/05 12:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/05 12:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/05 12:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2002/08/14 16:03:38 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

 

OTL Extras logfile created on: 7/10/2011 8:04:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 540.59 Mb Available Physical Memory | 56.34% Memory free
1.51 Gb Paging File | 1.26 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.30 Gb Total Space | 88.56 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive J: | 19.68 Gb Total Space | 9.95 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
Drive K: | 4.89 Gb Total Space | 3.68 Gb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive L: | 7.15 Gb Total Space | 7.05 Gb Free Space | 98.62% Space Free | Partition Type: NTFS

Computer Name: RBI-250 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\WINDOWS\system32\lxbucoms.exe" = C:\WINDOWS\system32\lxbucoms.exe:*isabled:6200 Series Server -- (Lexmark International, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"K:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = K:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B901CB2-9DAF-43FC-BDD2-4149AF19381C}" = Hallmark Card Studio 2006 Deluxe
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{747A6A10-DA58-48C2-A1F0-C15514419C8A}" = Hallmark Card Studio 2008 Deluxe
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC4D65B6-F6A2-4FDC-9436-0C29DE29C457}" = PrintMaster Silver 17
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C713C8B5-F0E1-401D-AE9B-3AB0E180D626}" = WinDriversBackup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15 A (221001)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"America Online us" = America Online (Choose which version to remove)
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.8.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eraser" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.5 Standard
"Lexmark 6200 Series" = Lexmark 6200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"More Brain Games" = More Brain Games 1.0
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MP3 CD Converter Professional" = MP3 CD Converter Professional 5.03
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"Opera 11.50.1074" = Opera 11.50
"Port Magic" = Pure Networks Port Magic
"PrintMaster 7.00" = PrintMaster 7.00
"Quicken WillMaker Plus 2007" = Quicken WillMaker Plus 2007
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.83
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"SnagIt7" = SnagIt 7
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Unlocker" = Unlocker 1.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.10
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/2/2009 10:55:48 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/2/2009 10:55:48 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/3/2009 1:25:08 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/3/2009 1:25:08 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/3/2009 1:25:08 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/3/2009 1:25:08 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/14/2009 9:23:47 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/14/2009 9:23:47 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 12/21/2009 11:10:47 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

Error - 1/9/2010 3:52:11 PM | Computer Name = RBI-250 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7/5/2011 3:15:32 PM | Computer Name = RBI-250 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/5/2011 3:15:32 PM | Computer Name = RBI-250 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/5/2011 3:15:32 PM | Computer Name = RBI-250 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/5/2011 6:04:04 PM | Computer Name = RBI-250 | Source = Application Hang | ID = 1002
Description = Hanging application psi.exe, version 2.0.0.1003, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/6/2011 10:52:30 PM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 7/6/2011 10:53:08 PM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 7/6/2011 10:53:42 PM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 7/8/2011 10:16:44 AM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 7/8/2011 4:29:44 PM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 7/8/2011 9:25:10 PM | Computer Name = RBI-250 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

[ OSession Events ]
Error - 8/21/2010 10:00:36 PM | Computer Name = RBI-250 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2030
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/9/2011 4:32:15 PM | Computer Name = RBI-250 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/9/2011 4:32:15 PM | Computer Name = RBI-250 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/9/2011 4:38:20 PM | Computer Name = RBI-250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SSI

Error - 7/9/2011 4:45:48 PM | Computer Name = RBI-250 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2011 4:48:26 PM | Computer Name = RBI-250 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2011 6:12:58 PM | Computer Name = RBI-250 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2011 6:14:09 PM | Computer Name = RBI-250 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2011 6:16:52 PM | Computer Name = RBI-250 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/10/2011 7:16:54 PM | Computer Name = RBI-250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SSI

Error - 7/10/2011 7:41:27 PM | Computer Name = RBI-250 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

 

There was a long wait and nothing was happening. I finally got the following:

File name:
rp9codec.exe
Submission date:
2011-07-11 03:08:32 (UTC)
Current status:
queued (#49) queued (#15) analysing finished
Result:
0/ 43 (0.0%)

eSafe 7.0.17.0 2011.07.07 -
eTrust-Vet 36.1.8434 2011.07.08 -
F-Prot 4.6.2.117 2011.07.10 -
F-Secure 9.0.16440.0 2011.07.11 -
Fortinet 4.2.257.0 2011.07.11 -
GData 22 2011.07.11 -
Ikarus T3.1.1.104.0 2011.07.11 -
Jiangmin 13.0.900 2011.07.10 -
K7AntiVirus 9.108.4891 2011.07.10 -
Kaspersky 9.0.0.837 2011.07.11 -
McAfee 5.400.0.1158 2011.07.11 -
McAfee-GW-Edition 2010.1D 2011.07.11 -
Microsoft 1.7000 2011.07.10 -
NOD32 6282 2011.07.11 -
Norman 6.07.10 2011.07.10 -
nProtect 2011-07-10.01 2011.07.10 -
Panda 10.0.3.5 2011.07.10 -
PCTools 8.0.0.5 2011.07.08 -
Prevx 3.0 2011.07.11 -
Rising 23.65.04.03 2011.07.08 -
Sophos 4.67.0 2011.07.11 -
SUPERAntiSpyware 4.40.0.1006 2011.07.11 -
Symantec 20111.1.0.186 2011.07.11 -
TheHacker 6.7.0.1.252 2011.07.11 -
TrendMicro 9.200.0.1012 2011.07.10 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.11 -
VBA32 3.12.16.4 2011.07.08 -
VIPRE 9831 2011.07.11 -
ViRobot 2011.7.11.4561 2011.07.11 -
VirusBuster 14.0.117.0 2011.07.10 -
Additional information
Show all
MD5 : 97b51ffdc795ab2a268d40c66ee858b8
SHA1 : 2d7a3778b0470bef457320c688c92a8958646725
SHA256: 70a9793d2584dca3fc0f86555a0865a0ed42c94654ef56ef32bfc7ab9bc04fdb

 

All processes killed
========== OTL ==========
Service GhostStartService stopped successfully!
Service GhostStartService deleted successfully!
Service AMON stopped successfully!
Service AMON deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\att.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\att.net\ not found.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\att.net\ not found.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\http\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbcglobal.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbcglobal.net\ not found.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbcglobal.net\ not found.
Registry key HKEY_USERS\S-1-5-21-4164284701-3019791684-2807634832-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 18081 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29406331 bytes
->Flash cache emptied: 2794 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 11111689 bytes

Total Files Cleaned = 39.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07112011_120109

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_81c.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

Here's the Security Check Log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
Tiny Personal Firewall 2.0.15 A (221001)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kerio Personal Firewall persfw.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````

 

ESET Online Scanner found No Threats.

With running all the programs, I now find that I no longer have Avast available when I select a document and right-click for Avast scan. I had enabled all the items that I disabled in shelxview.

Any suggestions on how I can get the right-click Avast Scan back?