
Solved Terrys reports Part 2 GMER pt 1

Discussion in 'Malware and Virus Removal Archive' started by Howattee, 2010/12/07.

  1. 2010/12/07
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    Joined:
    2010/02/10
    Messages:
    146
    Likes Received:
    1
    [Resolved] Terrys reports Part 2 GMER pt 1

    Hi,
    These are the reports I have run on request from Arie on http://www.windowsbbs.com/windows-xp/96513-system-crashes-bsod-x-5-sp3.html

    I have to upload this split into 3 as it is 156502 chars long in total!

    1 - I have Panda GP 2010 installed. I ran a full scan and it picked up the spyware - serving-sys & deleted it.

    2 - Ran TFC.exe - removed 1266Mb - mainly temp internet files.

    3 - Mbam report:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5261

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/12/2010 14:26:24
    mbam-log-2010-12-07 (14-26-24).txt

    Scan type: Quick scan
    Objects scanned: 130594
    Time elapsed: 1 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2010/12/07
    Howattee Lifetime Subscription

    Terrys reports Part 2 GMER pt 1

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-07 14:45:12
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b ST3500418AS rev.CC38
    Running: GMER.exe; Driver: C:\DOCUME~1\Terry\LOCALS~1\Temp\pwdoapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xA8E954E8]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 4 Bytes CALL FCF931DD
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9356000, 0x22F0B7, 0xE8000020]
    ? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !
    ? system32\drivers\av5flt.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

     


  4. 2010/12/07
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    GMER part 2

    CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FB20F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!SetClipboardData 7E430F9E 6 Bytes JMP 5FB80F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5FAC0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5FA30F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] ole32.dll!CoCreateInstanceEx 774FF154 6 Bytes JMP 5F880F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] ole32.dll!CoGetClassObject 775151F5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] ole32.dll!CLSIDFromProgID 77518322 6 Bytes JMP 5F820F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[656] ole32.dll!CLSIDFromProgIDEx 77556235 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe[1004] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FB20F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!SetClipboardData 7E430F9E 6 Bytes JMP 5FB80F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5FAC0F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5FA30F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ole32.dll!CoCreateInstanceEx 774FF154 6 Bytes JMP 5F880F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ole32.dll!CoGetClassObject 775151F5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ole32.dll!CLSIDFromProgID 77518322 6 Bytes JMP 5F820F5A
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[1300] ole32.dll!CLSIDFromProgIDEx 77556235 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Fighters\FighterSuiteService.exe[1744] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1952] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FB20F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!SetClipboardData 7E430F9E 6 Bytes JMP 5FB80F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5FAC0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5FA30F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ole32.dll!CoCreateInstanceEx 774FF154 6 Bytes JMP 5F880F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ole32.dll!CoGetClassObject 775151F5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ole32.dll!CLSIDFromProgID 77518322 6 Bytes JMP 5F820F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3032] ole32.dll!CLSIDFromProgIDEx 77556235 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F220F5A
     
  5. 2010/12/07
    Howattee
    Part 3

    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe[3260] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [65, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [86, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [68, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [89, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [6B, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [8C, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [8F, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [80, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [83, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [98, 5F] {CWDE ; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F520F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F5B0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F550F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FD60F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5FB50F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FC70F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5FB20F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [D1, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FD30F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FC10F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5FB80F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FCA0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5FAF0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [BF, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!SetClipboardData 7E430F9E 6 Bytes JMP 5FD90F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5FAC0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5FCD0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [BC, 5F]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] user32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5FC40F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F310F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F430F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F460F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F490F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ControlService 77DF4A09 6 Bytes JMP 5F340F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F400F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F4C0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F4F0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [2F, 5F] {DAS ; POP EDI}
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F370F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] advapi32.dll!DeleteService 77E374B1 6 Bytes JMP 5F3D0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ole32.dll!CoCreateInstanceEx 774FF154 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ole32.dll!CoGetClassObject 775151F5 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ole32.dll!CLSIDFromProgID 77518322 6 Bytes JMP 5FA30F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] ole32.dll!CLSIDFromProgIDEx 77556235 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe[3908] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5F130F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FB20F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!SetClipboardData 7E430F9E 6 Bytes JMP 5FB80F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5FAC0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5FA30F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ole32.dll!CoCreateInstanceEx 774FF154 6 Bytes JMP 5F880F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ole32.dll!CoGetClassObject 775151F5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ole32.dll!CLSIDFromProgID 77518322 6 Bytes JMP 5F820F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] ole32.dll!CLSIDFromProgIDEx 77556235 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 5FC70F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!recvfrom 71AB2FF7 6 Bytes JMP 5FC10F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 5FD90F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5FBB0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!send 71AB4C27 6 Bytes JMP 5FC40F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 5FCD0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!recv 71AB676F 6 Bytes JMP 5FBE0F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 5FD30F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!WSARecvFrom 71ABF66A 6 Bytes JMP 5FD00F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!WSASendTo 71AC0AAD 6 Bytes JMP 5FD60F5A
    .text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5680] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 5FCA0F5A

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

    AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
    AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
    AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
    AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
    AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
    AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

    ---- EOF - GMER 1.0.15 ----
     
  6. 2010/12/07
    Howattee
    MBR Check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00ff01dd

    Kernel Drivers (total 138):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA338000 pavboot.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9EE8000 KSecDD.sys
    0xB9E5B000 Ntfs.sys
    0xB9E2E000 NDIS.sys
    0xBA340000 pssnap.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9E14000 Mup.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9355000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB9341000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9319000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB92F5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA410000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB92D2000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB929D000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9DE0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA698000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9DDC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9286000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9275000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9245000 \SystemRoot\system32\DRIVERS\neti1639.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB91E7000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DCC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA448000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBA5DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6A6000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5E0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA458000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA460000 \SystemRoot\System32\drivers\vga.sys
    0xBA5E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA468000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA470000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA56C000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAC2C8000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAC26F000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAC249000 \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
    0xAC1D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAC1AB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAC189000 \SystemRoot\System32\drivers\afd.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA248000 \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
    0xB989B000 \SystemRoot\System32\DRIVERS\ShlDrv51.sys
    0xAC0BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB988B000 \SystemRoot\System32\Drivers\PSFileDsk.SYS
    0xBA478000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xBA7A7000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xABFFE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xABFD0000 \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
    0xAC23D000 \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
    0xB987B000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB986B000 \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
    0xABFBF000 \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAC215000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xAC209000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB984B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA498000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xAC1FD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xB983B000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xABECC000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xAC0B6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB982B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xABEB4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAC0A2000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3B0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA771000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF060000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FC000 \SystemRoot\System32\atikvmag.dll
    0xBF196000 \SystemRoot\System32\atiok3x2.dll
    0xBF1FC000 \SystemRoot\System32\ati3duag.dll
    0xBF563000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9350000 \SystemRoot\system32\DRIVERS\pavdrv51.sys
    0xA9363000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBA3A8000 \SystemRoot\system32\DRIVERS\RtNdPt5x.sys
    0xBA2E8000 \??\C:\WINDOWS\system32\PavTPK.sys
    0xA902B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA8F5B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8E94000 \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
    0xA8D2C000 \??\C:\WINDOWS\system32\PavSRK.sys
    0xA86D3000 \SystemRoot\system32\drivers\av5flt.sys
    0xA857A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA85DB000 \??\C:\WINDOWS\gdrv.sys
    0xABF67000 \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
    0xBA5FE000 \??\C:\Program Files\GIGABYTE\ET6\atidgllk.sys
    0xA7B62000 \??\C:\DOCUME~1\Terry\LOCALS~1\Temp\pwdoapod.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    1060 C:\WINDOWS\system32\smss.exe
    1136 csrss.exe
    1172 C:\WINDOWS\system32\winlogon.exe
    1216 C:\WINDOWS\system32\services.exe
    1228 C:\WINDOWS\system32\lsass.exe
    1404 C:\WINDOWS\system32\svchost.exe
    1472 svchost.exe
    1596 C:\WINDOWS\system32\svchost.exe
    1632 C:\Program Files\Panda Global Protection 2010\TPSrv.exe
    1824 svchost.exe
    2036 svchost.exe
    1812 C:\WINDOWS\system32\spoolsv.exe
    564 svchost.exe
    1532 C:\WINDOWS\system32\svchost.exe
    1952 C:\Program Files\Java\jre6\bin\jqs.exe
    1908 C:\Program Files\Panda Global Protection 2010\PsCtrlS.exe
    864 C:\Program Files\Panda Global Protection 2010\PavFnSvr.exe
    156 C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
    360 C:\Program Files\Toolkit\PCPitstopScheduleService.exe
    644 C:\Program Files\Panda Global Protection 2010\FIREWALL\PSHost.exe
    1540 C:\Program Files\Panda Global Protection 2010\PsImSvc.exe
    660 C:\Program Files\Panda Global Protection 2010\psksvc.exe
    1300 C:\Program Files\Macrium\Reflect\ReflectService.exe
    656 C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
    1004 C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe
    280 C:\WINDOWS\explorer.exe
    312 C:\WINDOWS\system32\svchost.exe
    1744 C:\Program Files\Fighters\FighterSuiteService.exe
    2752 wdfmgr.exe
    3028 C:\Program Files\Panda Global Protection 2010\PAVSRV51.EXE
    3736 C:\Program Files\Panda Global Protection 2010\AVENGINE.EXE
    2020 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
    2168 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3032 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3260 C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe
    3908 C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe
    4064 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    624 C:\WINDOWS\system32\ctfmon.exe
    3072 alg.exe
    2328 C:\WINDOWS\system32\svchost.exe
    4104 C:\Program Files\Panda Global Protection 2010\PavBckPT.exe
    5680 C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
    4532 C:\Program Files\Panda Global Protection 2010\WebProxy.exe
    4292 C:\WINDOWS\system32\wscntfy.exe
    2276 C:\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000012`a14c0000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000012`a14c0000 (NTFS)
    \\.\I: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive1 Model Number: ST3500418AS, Rev: CC38
    PhysicalDrive2 Model Number: ST3500418AS, Rev: CC38
    PhysicalDrive0 Model Number: ST3802110A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    465 GB \\.\PhysicalDrive2 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. 2010/12/07
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    DDS.txt


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Terry at 14:52:51.98 on 07/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3579.3001 [GMT 0:00]

    AV: Panda Global Protection 2010 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
    FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Panda Global Protection 2010\TPSrv.exe
    svchost.exe
    svchost.exe
    C:\PROGRAM FILES\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost -k Panda
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Global Protection 2010\PsCtrls.exe
    C:\Program Files\Panda Global Protection 2010\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Toolkit\PCPitstopScheduleService.exe
    c:\program files\panda global protection 2010\firewall\PSHOST.EXE
    C:\Program Files\Panda Global Protection 2010\PsImSvc.exe
    C:\Program Files\Panda Global Protection 2010\PskSvc.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
    C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Fighters\FighterSuiteService.exe
    C:\Program Files\Panda Global Protection 2010\pavsrv51.exe
    C:\Program Files\Panda Global Protection 2010\AVENGINE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Panda Global Protection 2010\ApVxdWin.exe
    C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Panda Global Protection 2010\SRVLOAD.EXE
    C:\Program Files\Panda Global Protection 2010\PavBckPT.exe
    C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
    C:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.open.ac.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    uRun: [StartMenu7] "c:\program files\toolkit\start menu 7\StartMenu7.exe "
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [APVXDWIN] "c:\program files\panda global protection 2010\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "c:\program files\panda global protection 2010\Inicio.exe "
    mRun: [EPSON Stylus D88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB002" /M "Stylus D88 "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [sfagent] c:\program files\toolkit\fighters\spamfighter\sfagent.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [{082547C1-3441-4450-A440-1C1600E9E45F}] c:\docume~1\terry\locals~1\temp\glb9.tmp c:\docume~1\terry\locals~1\temp\glfe.tmp\settings.ini
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287573427312
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avldr - avldr.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-6-20 28552]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2007-10-20 11776]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-6-20 75016]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-6-20 53128]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-6-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-6-20 193800]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-6-20 159112]
    R1 PSFileDsk;PSFileDsk;c:\windows\system32\drivers\psfiledsk.sys [2007-10-20 14848]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-6-20 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-6-20 46728]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
    R2 Panda Software Controller;Panda Software Controller;c:\program files\panda global protection 2010\PsCtrlS.exe [2010-6-20 173312]
    R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-6-20 84024]
    R2 PAVFNSVR;Panda Function Service;c:\program files\panda global protection 2010\PavFnSvr.exe [2010-6-20 169216]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-6-20 163336]
    R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-6-20 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda global protection 2010\PAVSRV51.EXE [2010-6-20 291584]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\toolkit\PCPitstopScheduleService.exe [2010-6-20 90352]
    R2 PskSvcRetail;Panda PSK service;c:\program files\panda global protection 2010\psksvc.exe [2010-6-20 28928]
    R2 ReflectService;Macrium Reflect Scheduling Services;c:\program files\macrium\reflect\ReflectService.exe [2007-10-20 192512]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-6-20 22016]
    R2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-10-13 114688]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\toolkit\fighters\spamfighter\sfus.exe [2010-11-12 214664]
    R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-11-12 1145992]
    R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-22 7168]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [2010-6-20 199432]
    R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
    R4 atidgllk;atidgllk;c:\program files\gigabyte\et6\atidgllk.sys [2006-7-19 12048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-20 1691480]
    S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-10-13 17488]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-6-20 29440]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-6-20 17536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    SUnknown GVTDrv;GVTDrv; [x]

    =============== File Associations ===============

    JSEFile=c:\progra~1\pandag~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\pandag~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\pandag~1\PAVSCRIP.EXE "%1" %*

    =============== Created Last 30 ================

    2010-12-07 14:36:43 296448 ----a-w- C:\GMER.exe
    2010-12-07 14:32:51 624128 ----a-w- C:\dds.scr
    2010-12-07 14:31:34 -------- d-----w- C:\WindowsBBS Logs
    2010-12-07 14:29:53 80384 ----a-w- C:\MBRCheck.exe
    2010-12-07 14:28:01 296448 ----a-w- C:\89e4pyf7.exe
    2010-12-07 14:23:28 -------- d-----w- c:\docume~1\terry\applic~1\Malwarebytes
    2010-12-07 14:21:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 14:21:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-07 14:21:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 14:21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-07 14:20:16 7622112 ----a-w- C:\mbam-setup-1.50.0.0.exe
    2010-12-07 13:54:31 446464 ----a-w- C:\TFC.exe
    2010-12-06 17:33:57 19985265 ----a-w- c:\temp\vlc-1.1.5-win32.exe
    2010-12-06 17:33:47 -------- d-----w- C:\Temp
    2010-12-06 15:44:29 -------- d-----w- C:\symbols
    2010-12-06 15:28:22 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-12-02 16:05:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-02 16:05:38 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-11-30 16:44:41 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2010-11-30 16:44:41 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-11-29 16:47:10 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2010-11-25 14:14:23 -------- d-----w- c:\docume~1\terry\applic~1\CBS Interactive
    2010-11-16 11:23:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\TomTom
    2010-11-16 11:23:25 -------- d-----w- c:\docume~1\terry\applic~1\TomTom
    2010-11-16 11:23:24 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\TomTom
    2010-11-16 11:22:44 -------- d-----w- c:\program files\TomTom International B.V
    2010-11-16 11:22:35 -------- d-----w- c:\program files\TomTom HOME 2
    2010-11-16 11:19:36 -------- d-----w- c:\program files\TomTom DesktopSuite
    2010-11-16 10:28:00 -------- d-----w- c:\program files\Fighters
    2010-11-16 10:27:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
    2010-11-16 10:27:50 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6EC84E37-AC72-4404-9ED2-B16DE7E9EAEF}

    ==================== Find3M ====================

    2010-12-07 14:51:13 17488 ----a-w- c:\windows\gdrv.sys
    2010-12-06 15:14:59 17488 ----a-w- c:\windows\etdrv.sys
    2010-12-02 16:05:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

    ============= FINISH: 14:53:35.89 ===============
     
  8. 2010/12/07
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/06/2010 17:22:52
    System Uptime: 07/12/2010 14:50:20 (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | P55M-UD2
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2664/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 57.736 GiB free.
    D: is FIXED (NTFS) - 391 GiB total, 382.101 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 75 GiB total, 61.353 GiB free.
    H: is FIXED (NTFS) - 391 GiB total, 367.426 GiB free.
    I: is FIXED (NTFS) - 75 GiB total, 72.687 GiB free.
    Q: is Removable
    R: is Removable
    S: is Removable
    T: is Removable
    U: is Removable
    V: is Removable
    W: is Removable
    X: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek High Definition Audio
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A002&REV_1002\4&35A89E12&0&0201
    Manufacturer: Realtek
    Name: Realtek High Definition Audio
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A002&REV_1002\4&35A89E12&0&0201
    Service: IntcAzAudAddService

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.42
    ABC Amber Outlook Express Converter
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AI RoboForm (All Users)
    Ant Renamer
    ArcSoft PhotoBase 3
    ArcSoft PhotoStudio 5
    Ask Toolbar
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Display Driver
    ATI Problem Report Wizard
    BlueJ 2.1.3
    Canon CanoScan Toolbox 4.1
    CanoScan LiDE20,30 Manual
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Clipboard Magic 4.01
    CNET TechTracker
    Debugging Tools for Windows (x86)
    Diagnostic Utility
    DMIView B8.0717.01
    Easy Tune 6 B09.1120.1
    EPSON Attach To Email
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan Assistant
    EPSON Web-To-Page
    ExplorerXP (remove only)
    GIMP 2.6.8
    GoodSync
    HDR Darkroom Basic version
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    J2SE Runtime Environment 5.0 Update 4
    Java 1.6 Documentation
    Java Auto Updater
    Java DB 10.3.1.4
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7
    M255 Software
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    Mozilla Firefox (3.5.9)
    MSXML 6 Service Pack 2 (KB973686)
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    Notepad++
    OmniPage SE
    Outlook Express To HTML Converter v1.2.1
    Panda Global Protection 2010
    PandoraRecovery (Remove Only)
    PC Pitstop Optimize3 3.0
    PDF Settings
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Reasonable NoClone 2010 Home
    Reflect
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Smart 6 B9.1211.1
    SPAMfighter
    SPAMfighter Client
    Start Menu 7 3.65
    TextBridge Pro 11.0
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    TreeSize Professional 4.3.2
    Unlocker 1.8.5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.0.3
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    Wisdom-soft Set up ScreenHunter 5.1 Free

    ==== Event Viewer Messages From Past Week ========

    07/12/2010 14:06:12, error: Service Control Manager [7034] - The Panda On-Access Anti-Malware Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 14:06:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Smart TimeLock Service service to connect.
    07/12/2010 14:06:01, error: Service Control Manager [7000] - The Smart TimeLock Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/12/2010 14:04:28, error: Service Control Manager [7031] - The Smart TimeLock Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    07/12/2010 13:58:31, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'NetAdapt.cfg' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    07/12/2010 13:55:28, error: Service Control Manager [7034] - The Suite Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:28, error: Service Control Manager [7034] - The Panda IManager Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The SPAMfighter Update Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The Panda Software Controller service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The Panda PSK service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The Panda Host Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The Panda Function Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:27, error: Service Control Manager [7034] - The Macrium Reflect Scheduling Services service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:10, error: Service Control Manager [7034] - The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:10, error: Service Control Manager [7034] - The Panda Process Protection Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 13:55:10, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    03/12/2010 14:32:39, error: System Error [1003] - Error code 00000050, parameter1 fffffff4, parameter2 00000000, parameter3 805beaef, parameter4 00000000.

    ==== End Of File ===========================
     
  9. 2010/12/07
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    I apologise most profusely. I have created 2 threads for my reports. Would someone join them together if possible.

    In my defence, I was a bit boggled by the character limit of 55000 & wasn't really thinking about the threads.

    Sorry again.
     
  10. 2010/12/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Merged
     
  11. 2010/12/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    So far, I don't see any "baddies".

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/12/12
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    Broni, thanks. My Combofix report is this:

    ComboFix 10-12-11.06 - Terry 12/12/2010 16:32:52.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3579.3019 [GMT 0:00]
    Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
    AV: Panda Global Protection 2010 *Disabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595}
    FW: Panda Personal Firewall 2010 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Terry\Recent\Thumbs.db
    C:\Thumbs.db
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
    .

    2010-12-07 18:54 . 2010-12-07 18:54 -------- d-----w- c:\program files\Smart Projects
    2010-12-07 18:34 . 2010-12-07 18:58 -------- d-----w- C:\XP_CD
    2010-12-07 16:51 . 2010-12-07 17:25 -------- d-----w- C:\XP_SP3
    2010-12-07 14:36 . 2010-12-07 14:36 296448 ----a-w- C:\GMER.exe
    2010-12-07 14:32 . 2010-12-07 14:33 624128 ----a-w- C:\dds.scr
    2010-12-07 14:31 . 2010-12-07 14:55 -------- d-----w- C:\WindowsBBS Logs
    2010-12-07 14:29 . 2010-12-07 14:29 80384 ----a-w- C:\MBRCheck.exe
    2010-12-07 14:28 . 2010-12-07 14:28 296448 ----a-w- C:\89e4pyf7.exe
    2010-12-07 14:23 . 2010-12-07 14:23 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes
    2010-12-07 14:21 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 14:21 . 2010-12-07 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-07 14:21 . 2010-12-07 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-07 14:21 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 14:20 . 2010-12-07 14:20 7622112 ----a-w- C:\mbam-setup-1.50.0.0.exe
    2010-12-07 13:54 . 2010-12-07 13:54 446464 ----a-w- C:\TFC.exe
    2010-12-06 17:33 . 2010-12-06 17:35 19985265 ----a-w- c:\temp\vlc-1.1.5-win32.exe
    2010-12-06 17:33 . 2010-12-06 17:33 -------- d-----w- C:\Temp
    2010-12-06 17:33 . 2010-12-06 17:33 -------- d-----w- c:\documents and settings\Terry\Application Data\dvdcss
    2010-12-06 16:34 . 2010-12-07 11:46 -------- d-----w- c:\documents and settings\Terry\Application Data\vlc
    2010-12-06 15:44 . 2010-12-06 15:44 -------- d-----w- C:\symbols
    2010-12-06 15:28 . 2010-12-06 15:44 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-12-06 15:26 . 2010-12-06 15:26 -------- d-----w- c:\program files\Microsoft SDKs
    2010-12-06 15:13 . 2010-12-06 15:13 -------- d-----w- c:\program files\Microsoft.NET
    2010-12-02 16:05 . 2010-12-02 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-02 16:05 . 2010-12-02 16:05 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-30 16:44 . 2008-04-13 20:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2010-11-30 16:44 . 2008-04-13 20:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-11-29 16:47 . 2010-11-29 16:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\documents and settings\Terry\Application Data\CBS Interactive
    2010-11-16 11:23 . 2010-11-16 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
    2010-11-16 11:23 . 2010-11-16 11:23 -------- d-----w- c:\documents and settings\Terry\Application Data\TomTom
    2010-11-16 11:23 . 2010-11-16 11:23 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\TomTom
    2010-11-16 11:22 . 2010-11-16 11:22 -------- d-----w- c:\program files\TomTom International B.V
    2010-11-16 11:22 . 2010-11-16 11:22 -------- d-----w- c:\program files\TomTom HOME 2
    2010-11-16 11:19 . 2010-11-16 11:19 -------- d-----w- c:\program files\TomTom DesktopSuite
    2010-11-16 10:28 . 2010-11-16 10:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters
    2010-11-16 10:28 . 2010-11-16 10:28 -------- d-----w- c:\program files\Fighters
    2010-11-16 10:27 . 2010-11-16 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-11-16 10:27 . 2010-11-16 10:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6EC84E37-AC72-4404-9ED2-B16DE7E9EAEF}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-12 13:56 . 2010-10-13 15:19 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2010-12-12 13:55 . 2010-10-13 15:18 17488 ----a-w- c:\windows\gdrv.sys
    2010-12-06 15:14 . 2010-10-13 15:24 17488 ----a-w- c:\windows\etdrv.sys
    2010-12-02 16:05 . 2010-10-13 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-18 11:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartMenu7 "= "c:\program files\Toolkit\Start Menu 7\StartMenu7.exe" [2010-05-12 2779000]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-21 160592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "APVXDWIN "= "c:\program files\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 906496]
    "SCANINICIO "= "c:\program files\Panda Global Protection 2010\Inicio.exe" [2009-08-12 56064]
    "EPSON Stylus D88 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "EasyTuneVI "= "c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-12-08 18789920]
    "sfagent "= "c:\program files\Toolkit\Fighters\SPAMfighter\sfagent.exe" [2010-11-12 821384]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0&

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    path=c:\documents and settings\Terry\Start Menu\Programs\Startup\CNET TechTracker.lnk
    backup=c:\windows\pss\CNET TechTracker.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    2002-05-23 16:11 49152 ----a-w- c:\program files\ScanSoft\TextBridgePro11.0\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reflect Scheduler]
    2007-10-20 17:42 204800 ----a-w- c:\program files\Macrium\Reflect\RefSched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-12-08 10:29 18789920 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-02 22:26 98304 ----a-w- c:\program files\ATI\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 07:58 15360 ----a-w- c:\program files\Toolkit\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Ati HotKey Poller "=2 (0x2)
    "TomTomHOMEService "=2 (0x2)
    "Bonjour Service "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [20/06/2010 17:44 28552]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/10/2007 17:42 11776]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [20/06/2010 17:45 75016]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [20/06/2010 17:46 53128]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [20/06/2010 17:45 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [20/06/2010 17:46 193800]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [20/06/2010 17:45 159112]
    R1 PSFileDsk;PSFileDsk;c:\windows\system32\drivers\psfiledsk.sys [20/10/2007 17:42 14848]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [20/06/2010 17:44 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [20/06/2010 17:46 46728]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [20/06/2010 17:44 163336]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\Toolkit\PCPitstopScheduleService.exe [20/06/2010 18:40 90352]
    R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Global Protection 2010\psksvc.exe [20/06/2010 17:45 28928]
    R2 ReflectService;Macrium Reflect Scheduling Services;c:\program files\Macrium\Reflect\ReflectService.exe [20/10/2007 17:42 192512]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [20/06/2010 17:57 22016]
    R2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [13/10/2010 15:13 114688]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Toolkit\Fighters\SPAMfighter\sfus.exe [12/11/2010 09:31 214664]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 09:31 1145992]
    R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [22/02/2009 23:16 7168]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [20/06/2010 17:45 199432]
    R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R4 atidgllk;atidgllk;c:\program files\GIGABYTE\ET6\atidgllk.sys [19/07/2006 11:25 12048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/06/2010 18:00 1691480]
    S3 etdrv;etdrv;c:\windows\etdrv.sys [13/10/2010 15:24 17488]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [20/06/2010 17:57 29440]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [20/06/2010 17:57 17536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 09:38 92008]
    SUnknown GVTDrv;GVTDrv; [x]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AODDRIVER

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-20 c:\windows\Tasks\Basic clean-up.job
    - c:\program files\Panda Global Protection 2010\PlaTasks.exe [2010-06-20 12:46]

    2010-12-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

    2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{EDB04C8C-BBAC-4FDC-8E30-2BBAD0120518}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.open.ac.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath -
    FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-12 16:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1172)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\system32\avldr.dll
    .
    Completion time: 2010-12-12 16:35:34
    ComboFix-quarantined-files.txt 2010-12-12 16:35

    Pre-Run: 60,763,795,456 bytes free
    Post-Run: 60,884,500,480 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B51AD881C3F21075E89DB621564A455A
     
  13. 2010/12/12
    broni

    broni Moderator Malware Analyst

    Uninstall Ask Toolbar, known adware.

    Combofix log looks clean as well :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/12/13
    Howattee Well-Known Member Thread Starter

    Righto - OTL.txt:

    OTL logfile created on: 13/12/2010 16:33:41 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Terry\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 56.62 Gb Free Space | 75.98% Space Free | Partition Type: NTFS
    Drive D: | 391.24 Gb Total Space | 381.75 Gb Free Space | 97.58% Space Free | Partition Type: NTFS
    Drive F: | 29.80 Gb Total Space | 3.29 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
    Drive G: | 74.52 Gb Total Space | 61.35 Gb Free Space | 82.33% Space Free | Partition Type: NTFS
    Drive H: | 391.24 Gb Total Space | 367.43 Gb Free Space | 93.91% Space Free | Partition Type: NTFS
    Drive I: | 74.52 Gb Total Space | 72.69 Gb Free Space | 97.54% Space Free | Partition Type: NTFS
    Drive J: | 668.83 Gb Total Space | 415.63 Gb Free Space | 62.14% Space Free | Partition Type: NTFS

    Computer Name: OFFICEPC | User Name: Terry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/13 16:32:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
    PRC - [2010/11/12 09:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe
    PRC - [2010/11/12 09:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe
    PRC - [2010/11/12 09:31:25 | 000,821,384 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe
    PRC - [2010/06/21 13:52:40 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2010/05/12 16:30:38 | 002,779,000 | ---- | M] (OrdinarySoft) -- C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe
    PRC - [2009/10/15 20:47:48 | 001,003,520 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
    PRC - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
    PRC - [2009/09/25 11:51:04 | 000,906,496 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\ApVxdWin.exe
    PRC - [2009/09/17 11:17:26 | 000,291,584 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\PAVSRV51.EXE
    PRC - [2009/09/07 15:40:04 | 000,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\AVENGINE.EXE
    PRC - [2009/08/25 12:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\psksvc.exe
    PRC - [2009/08/10 12:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\PsCtrlS.exe
    PRC - [2009/08/10 12:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\PavFnSvr.exe
    PRC - [2009/08/10 12:45:48 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\PavBckPT.exe
    PRC - [2009/04/26 13:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\Toolkit\PCPitstopScheduleService.exe
    PRC - [2009/04/23 11:31:16 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\WebProxy.exe
    PRC - [2009/04/17 09:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\TPSrv.exe
    PRC - [2009/04/08 09:56:24 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Global Protection 2010\FIREWALL\PSHost.exe
    PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\SrvLoad.exe
    PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Global Protection 2010\PsImSvc.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
    PRC - [2007/10/20 17:42:56 | 000,192,512 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
    PRC - [2005/02/17 06:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/01/27 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/12/13 16:32:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/10/29 19:54:12 | 000,025,320 | ---- | M] (OrdinarySoft) -- C:\Program Files\Toolkit\Start Menu 7\VistaStartMenu.dll
    MOD - [2009/08/10 12:45:54 | 000,095,488 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Global Protection 2010\PavOEpl.dll
    MOD - [2009/03/30 17:22:58 | 000,518,400 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
    MOD - [2007/02/08 09:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/12 09:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
    SRV - [2010/11/12 09:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Toolkit\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
    SRV - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/06/21 19:17:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
    SRV - [2009/09/17 11:17:26 | 000,291,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\pavsrv51.exe -- (PAVSRV)
    SRV - [2009/08/25 12:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\PskSvc.exe -- (PskSvcRetail)
    SRV - [2009/08/10 12:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\PsCtrls.exe -- (Panda Software Controller)
    SRV - [2009/08/10 12:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\PavFnSvr.exe -- (PAVFNSVR)
    SRV - [2009/04/26 13:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\Toolkit\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/04/17 09:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\TPSrv.exe -- (TPSrv)
    SRV - [2009/04/08 09:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda global protection 2010\firewall\PSHOST.EXE -- (PSHost)
    SRV - [2008/07/02 13:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\GWMsrv.dll -- (Gwmsrv)
    SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Global Protection 2010\PsImSvc.exe -- (PSIMSVC)
    SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
    SRV - [2007/10/20 17:42:56 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Terry\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
    DRV - [2010/12/13 13:40:50 | 000,024,944 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
    DRV - [2010/12/13 13:40:15 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/12/06 15:14:59 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv)
    DRV - [2010/03/22 08:30:22 | 000,222,672 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/02/03 04:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/12/08 10:03:00 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/11/17 23:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/17 23:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/10/12 02:10:54 | 000,029,440 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
    DRV - [2009/09/30 22:07:44 | 000,075,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
    DRV - [2009/09/09 09:29:18 | 000,199,432 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1639.sys -- (NETIMFLT01060039)
    DRV - [2009/06/30 16:17:12 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
    DRV - [2009/06/16 12:33:02 | 000,046,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
    DRV - [2009/06/16 12:33:00 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
    DRV - [2009/06/16 12:32:58 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
    DRV - [2009/06/16 12:32:58 | 000,053,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
    DRV - [2009/02/22 23:16:22 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
    DRV - [2009/02/16 09:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
    DRV - [2008/07/09 06:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
    DRV - [2008/04/28 16:35:14 | 000,084,024 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/28 10:25:06 | 000,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
    DRV - [2008/03/04 14:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
    DRV - [2007/10/20 17:42:42 | 000,014,848 | ---- | M] (Macrium Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psfiledsk.sys -- (PSFileDsk)
    DRV - [2007/10/20 17:42:40 | 000,011,776 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
    DRV - [2006/07/19 11:25:10 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | Disabled | Running] -- C:\Program Files\GIGABYTE\ET6\atidgllk.sys -- (atidgllk)
    DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.open.ac.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/06/21 13:52:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/20 18:49:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/02 16:05:38 | 000,000,000 | ---D | M]

    [2010/11/16 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions
    [2010/11/16 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2010/12/02 16:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/02 16:05:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/02 16:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/03/15 16:49:06 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/15 16:49:06 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/15 16:49:06 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/15 16:49:06 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/12/12 16:34:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Global Protection 2010\APVXDWIN.EXE (Panda Security, S.L.)
    O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
    O4 - HKLM..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Global Protection 2010\Inicio.exe (Panda Security, S.L.)
    O4 - HKLM..\Run: [sfagent] C:\Program Files\Toolkit\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [StartMenu7] C:\Program Files\Toolkit\Start Menu 7\StartMenu7.exe (OrdinarySoft)
    O4 - HKLM..\RunOnce: [Panda_cleaner] C:\Program Files\Panda Global Protection 2010\pskdr.exe (Panda Security S.L.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1287573427312 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/20 16:21:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/06/05 18:42:47 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/06/20 16:21:24 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (&) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (70382354929025024)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/13 16:31:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
    [2010/12/12 16:32:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/12 16:30:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/12 16:30:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/12 16:30:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/12 16:30:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/12 16:29:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/12 16:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/07 18:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
    [2010/12/07 18:34:47 | 000,000,000 | ---D | C] -- C:\XP_CD
    [2010/12/07 16:51:02 | 000,000,000 | ---D | C] -- C:\XP_SP3
    [2010/12/07 14:31:34 | 000,000,000 | ---D | C] -- C:\WindowsBBS Logs
    [2010/12/07 14:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Malwarebytes
    [2010/12/07 14:21:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/07 14:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/07 14:21:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/07 14:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/07 14:20:16 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.0.0.exe
    [2010/12/07 13:54:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
    [2010/12/06 17:33:47 | 000,000,000 | ---D | C] -- C:\Temp
    [2010/12/06 17:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\dvdcss
    [2010/12/06 16:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\vlc
    [2010/12/06 15:44:29 | 000,000,000 | ---D | C] -- C:\symbols
    [2010/12/06 15:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2010/12/06 15:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2010/12/06 15:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/12/03 14:40:40 | 000,052,224 | ---- | C] (NirSoft) -- C:\Documents and Settings\Terry\Desktop\BlueScreenView.exe
    [2010/12/02 16:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/29 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/11/25 14:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\My Documents\Downloads
    [2010/11/25 14:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\CBS Interactive
    [2010/11/16 11:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\My Documents\TomTom
    [2010/11/16 11:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/11/16 11:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\TomTom
    [2010/11/16 11:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Mozilla
    [2010/11/16 11:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\TomTom
    [2010/11/16 11:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
    [2010/11/16 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
    [2010/11/16 11:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
    [2010/11/16 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/11/16 10:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Fighters
    [2010/11/16 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
    [2010/11/16 10:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
    [2010/11/16 10:27:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{6EC84E37-AC72-4404-9ED2-B16DE7E9EAEF}

    ========== Files - Modified Within 30 Days ==========

    [2010/12/13 16:32:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
    [2010/12/13 16:19:21 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
    [2010/12/13 16:11:44 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\ScreenHunter 5.1 Free.lnk
    [2010/12/13 14:48:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDB04C8C-BBAC-4FDC-8E30-2BBAD0120518}.job
    [2010/12/13 14:45:35 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
    [2010/12/13 13:42:28 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/13 13:41:37 | 000,303,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
    [2010/12/13 13:41:37 | 000,303,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
    [2010/12/13 13:41:37 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
    [2010/12/13 13:41:37 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
    [2010/12/13 13:41:37 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
    [2010/12/13 13:41:37 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
    [2010/12/13 13:41:36 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
    [2010/12/13 13:41:36 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
    [2010/12/13 13:41:36 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
    [2010/12/13 13:41:36 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
    [2010/12/13 13:41:36 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
    [2010/12/13 13:41:36 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
    [2010/12/13 13:41:36 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
    [2010/12/13 13:41:36 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
    [2010/12/13 13:41:36 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
    [2010/12/13 13:40:50 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
    [2010/12/13 13:40:35 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
    [2010/12/13 13:40:35 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
    [2010/12/13 13:40:35 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
    [2010/12/13 13:40:35 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
    [2010/12/13 13:39:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/12 16:51:31 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2010/12/12 16:46:28 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
    [2010/12/12 16:34:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/12 16:32:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/12 16:30:05 | 003,988,679 | R--- | M] () -- C:\Documents and Settings\Terry\Desktop\ComboFix.exe
    [2010/12/12 13:55:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/07 18:54:26 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\IsoBuster.lnk
    [2010/12/07 14:36:43 | 000,296,448 | ---- | M] () -- C:\GMER.exe
    [2010/12/07 14:33:12 | 000,624,128 | ---- | M] () -- C:\dds.scr
    [2010/12/07 14:29:53 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
    [2010/12/07 14:28:01 | 000,296,448 | ---- | M] () -- C:\89e4pyf7.exe
    [2010/12/07 14:20:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.0.0.exe
    [2010/12/07 13:54:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
    [2010/12/07 13:51:29 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
    [2010/12/07 10:51:08 | 000,493,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/07 10:51:08 | 000,083,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/06 16:00:28 | 000,004,294 | ---- | M] () -- C:\f1.jpg
    [2010/12/03 17:02:57 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Solitaire.lnk
    [2010/12/03 14:31:48 | 177,504,256 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/12/03 11:42:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/02 14:35:59 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/30 20:26:49 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/29 15:04:23 | 000,052,224 | ---- | M] (NirSoft) -- C:\Documents and Settings\Terry\Desktop\BlueScreenView.exe
    [2010/11/25 14:14:24 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\CNET TechTracker.lnk
    [2010/11/24 16:27:50 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Terry\My Documents\spider.sav
    [2010/11/19 21:05:55 | 000,025,601 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
    [2010/11/16 13:57:21 | 000,000,179 | ---- | M] () -- C:\WINDOWS\ScreenHunter.INI
    [2010/11/16 10:24:33 | 001,539,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/15 16:44:14 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Publisher.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/13 16:11:44 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\ScreenHunter 5.1 Free.lnk
    [2010/12/12 16:32:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/12 16:32:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/12 16:30:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/12 16:30:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/12 16:30:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/12 16:30:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/12 16:30:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/12 14:07:40 | 003,988,679 | R--- | C] () -- C:\Documents and Settings\Terry\Desktop\ComboFix.exe
    [2010/12/07 18:54:26 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\IsoBuster.lnk
    [2010/12/07 14:36:43 | 000,296,448 | ---- | C] () -- C:\GMER.exe
    [2010/12/07 14:32:51 | 000,624,128 | ---- | C] () -- C:\dds.scr
    [2010/12/07 14:29:53 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
    [2010/12/07 14:28:01 | 000,296,448 | ---- | C] () -- C:\89e4pyf7.exe
    [2010/12/06 16:13:44 | 000,004,294 | ---- | C] () -- C:\f1.jpg
    [2010/12/06 15:27:50 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/03 17:02:52 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Solitaire.lnk
    [2010/12/03 17:02:33 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Spider Solitaire.lnk
    [2010/11/25 14:14:24 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\CNET TechTracker.lnk
    [2010/11/19 21:05:55 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2010/10/16 13:48:22 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
    [2010/10/13 15:19:05 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
    [2010/10/13 15:13:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\CommCmd.dll
    [2010/10/13 15:11:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
    [2010/06/21 14:18:04 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/06/21 14:05:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
    [2010/06/21 13:14:52 | 000,001,045 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2010/06/21 09:28:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/06/21 09:28:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/06/21 09:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2010/06/20 17:54:27 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/06/20 17:08:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/06/20 17:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2010/11/16 10:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
    [2010/11/16 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
    [2010/06/21 13:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010/06/20 18:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
    [2010/06/20 17:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2010/12/13 13:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/06/21 13:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/11/01 17:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/11/01 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/06/21 13:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2010/11/16 11:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/06/21 14:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2010/11/16 10:28:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6EC84E37-AC72-4404-9ED2-B16DE7E9EAEF}
    [2010/12/13 13:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Canon
    [2010/11/25 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\CBS Interactive
    [2010/11/16 10:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Common Toolkit Suite
    [2010/10/18 13:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Elluminate
    [2010/11/16 10:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Fighters
    [2010/06/21 15:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\GoodSync
    [2010/06/21 18:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\ImgBurn
    [2010/10/19 14:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\JAM Software
    [2010/11/25 15:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Notepad++
    [2010/06/20 17:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Panda Security
    [2010/10/18 13:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Reasonable Software House Ltd
    [2010/06/21 13:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\ScanSoft
    [2010/12/07 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Start Menu 7
    [2010/11/16 11:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\TomTom
    [2010/06/20 17:45:58 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\Basic clean-up.job
    [2010/12/13 14:48:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDB04C8C-BBAC-4FDC-8E30-2BBAD0120518}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/07 14:28:01 | 000,296,448 | ---- | M] () -- C:\89e4pyf7.exe
    [2010/06/20 16:21:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/03 11:42:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/12 16:32:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/12 16:35:34 | 000,018,032 | ---- | M] () -- C:\ComboFix.txt
    [2010/06/20 16:21:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/07 14:33:12 | 000,624,128 | ---- | M] () -- C:\dds.scr
    [2010/12/06 15:47:56 | 000,017,115 | ---- | M] () -- C:\debuglog.txt
    [2010/12/06 16:00:28 | 000,004,294 | ---- | M] () -- C:\f1.jpg
    [2010/12/07 14:36:43 | 000,296,448 | ---- | M] () -- C:\GMER.exe
    [2010/06/20 16:21:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/07 14:20:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.0.0.exe
    [2010/12/07 14:29:53 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
    [2010/06/20 16:21:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/28 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/27 16:30:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/13 13:39:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/07 13:54:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/06/20 16:21:09 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/06/20 17:06:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/06/20 17:06:05 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/06/20 17:06:05 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/10/27 16:33:21 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/27 17:55:48 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/06/20 17:06:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/29 15:04:23 | 000,052,224 | ---- | M] (NirSoft) -- C:\Documents and Settings\Terry\Desktop\BlueScreenView.exe
    [2010/12/12 16:30:05 | 003,988,679 | R--- | M] () -- C:\Documents and Settings\Terry\Desktop\ComboFix.exe
    [2010/12/13 16:32:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/27 17:55:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Terry\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/13 13:41:33 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Terry\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 00:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  15. 2010/12/13
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    And Extras.txt:

    OTL Extras logfile created on: 13/12/2010 16:33:41 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Terry\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 56.62 Gb Free Space | 75.98% Space Free | Partition Type: NTFS
    Drive D: | 391.24 Gb Total Space | 381.75 Gb Free Space | 97.58% Space Free | Partition Type: NTFS
    Drive F: | 29.80 Gb Total Space | 3.29 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
    Drive G: | 74.52 Gb Total Space | 61.35 Gb Free Space | 82.33% Space Free | Partition Type: NTFS
    Drive H: | 391.24 Gb Total Space | 367.43 Gb Free Space | 93.91% Space Free | Partition Type: NTFS
    Drive I: | 74.52 Gb Total Space | 72.69 Gb Free Space | 97.54% Space Free | Partition Type: NTFS
    Drive J: | 668.83 Gb Total Space | 415.63 Gb Free Space | 62.14% Space Free | Partition Type: NTFS

    Computer Name: OFFICEPC | User Name: Terry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .js [@ = JSFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .jse [@ = JSEFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .vbe [@ = VBEFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .vbs [@ = VBSFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsf [@ = WSFFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsh [@ = WSHFile] -- C:\Program Files\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    jsfile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    jsefile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    vbefile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    vbsfile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    wsffile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    wshfile [open] -- C:\PROGRA~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\Toolkit\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\Toolkit\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
    "{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
    "{0E3673BA-262D-61D0-3F2F-D6DE0F687F62}" = ATI AVIVO Codecs
    "{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
    "{1D0AB230-E7BC-41CB-A50C-F282273E897B}" = SPAMfighter Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
    "{1F574BD4-0F5E-47FB-9B25-E9C529710096}" = TextBridge Pro 11.0
    "{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
    "{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3894D9AB-D4A7-4D51-9516-D729058F1F76}" = Reasonable NoClone 2010 Home
    "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B9.1211.1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
    "{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
    "{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.1120.1
    "{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
    "{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
    "{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
    "{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
    "{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2010
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
    "{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
    "{8BD970EF-2149-4775-B0A1-69B06945868D}" = Panda Global Protection 2010
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
    "{ABAD9CD0-08A4-4E21-A2EA-678FC83C5AF3}" = Reflect
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
    "{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
    "{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
    "{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
    "{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D32E70CD-819B-6196-0319-42AC224A8982}" = ATI Catalyst Install Manager
    "{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
    "{D8318C33-701B-2E7B-AAE7-9DB37D367D65}" = ccc-core-preinstall
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
    "{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
    "{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F989A261-EA16-C585-D081-DEB21EF6784A}" = Catalyst Control Center InstallProxy
    "{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
    "7-Zip" = 7-Zip 4.42
    "ABC Amber Outlook Express Converter" = ABC Amber Outlook Express Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "AI RoboForm" = AI RoboForm (All Users)
    "Ant Renamer 2_is1" = Ant Renamer
    "ATI Display Driver" = ATI Display Driver
    "BlueJ_is1" = BlueJ 2.1.3
    "Clipboard Magic_is1" = Clipboard Magic 4.01
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ExplorerXP" = ExplorerXP (remove only)
    "HDR Darkroom" = HDR Darkroom Basic version
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.1120.1
    "IsoBuster_is1" = IsoBuster 2.8
    "Java 1.6 Documentation" = Java 1.6 Documentation
    "M255 Software" = M255 Software
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "Notepad++" = Notepad++
    "Outlook Express To HTML Converter_is1" = Outlook Express To HTML Converter v1.2.1
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "SPAMfighter" = SPAMfighter
    "Start Menu 7_is1" = Start Menu 7 3.65
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "TreeSize Professional_is1" = TreeSize Professional 4.3.2
    "Unlocker" = Unlocker 1.8.5
    "VLC media player" = VLC media player 1.0.3
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CNET TechTracker" = CNET TechTracker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 23/11/2010 10:25:10 | Computer Name = OFFICEPC | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 23/11/2010 10:26:07 | Computer Name = OFFICEPC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.

    Error - 23/11/2010 10:26:12 | Computer Name = OFFICEPC | Source = Application Error | ID = 1001
    Description = Fault bucket 1192721345.

    Error - 25/11/2010 13:06:50 | Computer Name = OFFICEPC | Source = Application Error | ID = 1000
    Description = Faulting application pavjobs.exe, version 10.9.4.1, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x00011da1.

    Error - 25/11/2010 13:07:11 | Computer Name = OFFICEPC | Source = Application Error | ID = 1001
    Description = Fault bucket 1539357937.

    Error - 29/11/2010 10:36:18 | Computer Name = OFFICEPC | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 29/11/2010 10:41:06 | Computer Name = OFFICEPC | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 06/12/2010 12:35:07 | Computer Name = OFFICEPC | Source = Application Hang | ID = 1002
    Description = Hanging application vlc.exe, version 1.0.3.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 07/12/2010 10:48:05 | Computer Name = OFFICEPC | Source = Application Error | ID = 1000
    Description = Faulting application apvxdwin.exe, version 10.9.10.1, faulting module
    config.dll, version 10.9.3.2, fault address 0x0007678f.

    Error - 13/12/2010 11:03:56 | Computer Name = OFFICEPC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module pavlsphook.dll, version 9.2.0.0, fault address 0x00004aaf.

    [ System Events ]
    Error - 27/10/2010 11:36:52 | Computer Name = OFFICEPC | Source = Service Control Manager | ID = 7034
    Description = The PCPitstop Scheduling service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 27/10/2010 11:37:20 | Computer Name = OFFICEPC | Source = Service Control Manager | ID = 7034
    Description = The Common Toolkit Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 27/10/2010 11:37:35 | Computer Name = OFFICEPC | Source = Service Control Manager | ID = 7034
    Description = The Macrium Reflect Scheduling Services service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 27/10/2010 11:37:52 | Computer Name = OFFICEPC | Source = Service Control Manager | ID = 7034
    Description = The SPAMfighter Update Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 27/10/2010 11:38:03 | Computer Name = OFFICEPC | Source = Service Control Manager | ID = 7031
    Description = The Smart TimeLock Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 100 milliseconds:
    Restart the service.

    Error - 27/10/2010 12:11:03 | Computer Name = OFFICEPC | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80090006: Windows XP Service Pack 3 (KB936929).


    < End of report >
     
  16. 2010/12/13
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    Oh and I have removed the ask toolbar. Thanks again.
     
  17. 2010/12/13
    broni

    broni Moderator Malware Analyst

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    OTL log looks clean as well.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  18. 2010/12/14
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    I have a question for you Broni. Why do I have to save everything to my desktop?
     
  19. 2010/12/14
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    Security Check results:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Panda Global Protection 2010
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java 1.6 Documentation
    Java(TM) 6 Update 22
    Java(TM) SE Development Kit 6 Update 7
    Java DB 10.3.1.4
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.1
    Mozilla Firefox (3.5.9) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    panda global protection 2010 firewall PSHOST.EXE
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  20. 2010/12/14
    broni

    broni Moderator Malware Analyst

    Two reasons:
    - at some point we'll run OTL Cleanup, which will be removing most of the tools we've been using, and it'll be looking for those tools on your desktop
    - any tools which you'll have to delete manually are easier to find in plain view (desktop)

    ==============================================================

    Unless you're a Java developer, uninstall the following:
    - Java DB 10.3.1.4
    - Java(TM) SE Development Kit 6 Update 7
    - Java 1.6 Documentation

    ============================================================

    Update Firefox to the current 3.6.13 version.

    You still owe me the ESET scan....
     
  21. 2010/12/15
    Howattee Lifetime Subscription

    Howattee Well-Known Member Thread Starter

    OK Broni, that info about the Desktop makes sense.

    I am currently studying OOP with Java with the Open University, so I guess I need to keep some of this Java stuff.

    I don't want to update Firefox because Roboform does not like the later version. I very rarely use Firefox, so I may be better simply uninstalling it?

    I have had a few problems running the Eset scan, mainly due to my workload with OOP studies, but I will be running it later today and will post results then.

    Thanks for your assistance.
     
